}

    /**
     * Encodes this SPNEGO token to a byte array
     * @return the encoded token bytes
     */
    public abstract byte[] toByteArray();

    /**
     * Parses the provided token bytes to populate this SPNEGO token
     * @param token the token bytes to parse
     * @throws IOException if parsing fails
     */
    protected abstract void parse(byte[] token) throws IOException;

        // Security Buffer Length
        assertEquals(token.length, SMBUtil.readInt2(buffer, bodyOffset + 14));

        // Previous Session ID
        assertEquals(previousSessionId, SMBUtil.readInt8(buffer, bodyOffset + 16));

        // Token content
        byte[] actualToken = new byte[token.length];
        System.arraycopy(buffer, securityBufferOffset, actualToken, 0, token.length);
        assertArrayEquals(token, actualToken);

    public String token;

    /**
     * The permissions associated with this access token.
     * Defines what operations and resources this token can access.
     */
    @CustomSize(maxKey = "form.admin.max.input.size")
    public String permissions;

    /**
     * The parameter name for the access token.
     * This field specifies how the token should be passed in API requests.
     * Maximum length is 10000 characters.

Actualiza `get_current_user` para recibir el mismo token que antes, pero esta vez, usando tokens JWT.

Decodifica el token recibido, verifícalo y devuelve el usuario actual.

Si el token es inválido, devuelve un error HTTP de inmediato.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Actualizar la *path operation* `/token` { #update-the-token-path-operation }

Se não houver um header `Authorization`, ou se o valor não tiver um token `Bearer `, ele responderá diretamente com um erro de status 401 (`UNAUTHORIZED`).

Você nem precisa verificar se o token existe para retornar um erro. Você pode ter certeza de que, se sua função for executada, ela terá uma `str` nesse token.

Si no ve un header `Authorization`, o el valor no tiene un token `Bearer `, responderá directamente con un error de código de estado 401 (`UNAUTHORIZED`).

Ni siquiera tienes que verificar si el token existe para devolver un error. Puedes estar seguro de que si tu función se ejecuta, tendrá un `str` en ese token.

Puedes probarlo ya en los docs interactivos:

def test_read_nonexistent_item():
    response = client.get("/items/baz", headers={"X-Token": "coneofsilence"})
    assert response.status_code == 404
    assert response.json() == {"detail": "Item not found"}


def test_create_item():
    response = client.post(
        "/items/",
        headers={"X-Token": "coneofsilence"},

@pytest.mark.parametrize(
    "path,headers,expected_status,expected_response",
    [
        ("/items", None, 200, {"X-Token values": None}),
        ("/items", {"x-token": "foo"}, 200, {"X-Token values": ["foo"]}),
        (
            "/items",
            [("x-token", "foo"), ("x-token", "bar")],
            200,
            {"X-Token values": ["foo", "bar"]},
        ),
    ],
)

        }, "A PACDecodingException should be thrown for a malformed token.");

        assertEquals("Malformed kerberos ticket", exception.getMessage(), "The exception message should indicate a malformed ticket.");
    }

    /**
     * Test constructor with an empty token.
     * Empty token causes readObject() to return null, which leads to NullPointerException.
     */
    @Test

app = FastAPI()

oauth2_scheme = OAuth2PasswordBearer(
    tokenUrl="/token",
    description="OAuth2PasswordBearer security scheme",
    auto_error=False,
)


@app.get("/items/")
async def read_items(token: Optional[str] = Security(oauth2_scheme)):
    if token is None:
        return {"msg": "Create an account first"}
    return {"token": token}


client = TestClient(app)


def test_no_token():