/// info

The additional header `WWW-Authenticate` with value `Bearer` we are returning here is also part of the spec.

Any HTTP (error) status code 401 "UNAUTHORIZED" is supposed to also return a `WWW-Authenticate` header.

In the case of bearer tokens (our case), the value of that header should be `Bearer`.

You can actually skip that extra header and it would still work.

/// info | Información

El header adicional `WWW-Authenticate` con el valor `Bearer` que estamos devolviendo aquí también es parte de la especificación.

Cualquier código de estado HTTP (error) 401 "UNAUTHORIZED" se supone que también debe devolver un header `WWW-Authenticate`.

En el caso de tokens bearer (nuestro caso), el valor de ese header debe ser `Bearer`.

import com.google.common.annotations.J2ktIncompatible;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.Reader;
import java.io.Writer;
import java.nio.charset.Charset;
import java.util.Iterator;
import java.util.stream.Stream;

/**

    }

    /**
     * Reads text from the given {@link Reader}.
     * <p>
     * The {@link Reader} is not closed by this method.
     * </p>
     *
     * @param reader
     *            the character input stream to read from (must not be {@literal null})
     * @return the text read from the reader
     */
    public static String readText(final Reader reader) {
        assertArgumentNotNull("reader", reader);

# Простий OAuth2 з паролем і Bearer { #simple-oauth2-with-password-and-bearer }

Тепер продовжимо з попереднього розділу і додамо відсутні частини, щоб отримати повний потік безпеки.

## Отримайте `username` і `password` { #get-the-username-and-password }

Ми використаємо утиліти безпеки **FastAPI**, щоб отримати `username` і `password`.

// Code generated by github.com/tinylib/msgp DO NOT EDIT.

package cmd

import (
	"github.com/tinylib/msgp/msgp"
)

// DecodeMsg implements msgp.Decodable
func (z *PoolDecommissionInfo) DecodeMsg(dc *msgp.Reader) (err error) {
	var field []byte
	_ = field
	var zb0001 uint32
	zb0001, err = dc.ReadMapHeader()
	if err != nil {
		err = msgp.WrapError(err)
		return
	}
	for zb0001 > 0 {
		zb0001--

// NewReaderSize returns a new [Reader] whose buffer has at least the specified
// size. If the argument io.Reader is already a [Reader] with large enough
// size, it returns the underlying [Reader].
func NewReaderSize(rd io.Reader, size int) *Reader {
	// Is it already a Reader?
	b, ok := rd.(*Reader)
	if ok && len(b.buf) >= size {
		return b
	}
	r := new(Reader)
	r.reset(make([]byte, max(size, minReadBufferSize)), rd)

    * But it needs authentication for that specific endpoint.
    * So, to authenticate with our API, it sends a header `Authorization` with a value of `Bearer ` plus the token.
    * If the token contains `foobar`, the content of the `Authorization` header would be: `Bearer foobar`.

## **FastAPI**'s `OAuth2PasswordBearer` { #fastapis-oauth2passwordbearer }

    - Donc, pour s'authentifier auprès de notre API, il envoie un en-tête `Authorization` avec une valeur `Bearer ` suivie du token.
    - Si le token contient `foobar`, le contenu de l'en-tête `Authorization` serait : `Bearer foobar`.

## Le `OAuth2PasswordBearer` de **FastAPI** { #fastapis-oauth2passwordbearer }

            this.inputStream = inputStream;
            return this;
        }

        public XmlReaderRequestBuilder reader(Reader reader) {
            this.reader = reader;
            return this;
        }

        public XmlReaderRequestBuilder transformer(Transformer transformer) {
            this.transformer = transformer;
            return this;