{* ../../docs_src/security/tutorial001.py hl[6] *}

/// tip | 提示

在此，`tokenUrl="token"` 指向的是暂未创建的相对 URL `token`。这个相对 URL 相当于 `./token`。

因为使用的是相对 URL，如果 API 位于 `https://example.com/`，则指向 `https://example.com/token`。但如果 API 位于 `https://example.com/api/v1/`，它指向的就是`https://example.com/api/v1/token`。

使用相对 URL 非常重要，可以确保应用在遇到[使用代理](../../advanced/behind-a-proxy.md){.internal-link target=_blank}这样的高级用例时，也能正常运行。

    if item_id not in fake_db:
        raise HTTPException(status_code=404, detail="Item not found")
    return fake_db[item_id]


@app.post("/items/", response_model=Item)
async def create_item(item: Item, x_token: Annotated[str, Header()]):
    if x_token != fake_secret_token:
        raise HTTPException(status_code=400, detail="Invalid X-Token header")
    if item.id in fake_db:

      # Ref: https://github.com/actions/checkout/issues/2313
      - uses: actions/checkout@v5
        with:
          # To allow latest-changes to commit to the main branch
          token: ${{ secrets.FASTAPI_LATEST_CHANGES }}
      # Allow debugging with tmate
      - name: Setup tmate session
        uses: mxschmitt/action-tmate@v3

on:
  push:
    branches:
      - master
  pull_request:
  workflow_dispatch:

permissions: { }

jobs:
  code-owners-validation:
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - name: Get Secrets
        uses: gradle/actions-internal/get-aws-secrets@v1

	}
	return false
}

// BatchJobNotification stores notification endpoint and token information.
// Used by batch jobs to notify of their status.
type BatchJobNotification struct {
	line, col int
	Endpoint  string `yaml:"endpoint" json:"endpoint"`
	Token     string `yaml:"token" json:"token"`
}

var _ yaml.Unmarshaler = &BatchJobNotification{}

/// tip | Подсказка

Здесь `tokenUrl="token"` ссылается на относительный URL `token`, который мы еще не создали. Поскольку это относительный URL, он эквивалентен `./token`.

	if err != nil {
		log.Fatalf("Failed to generate OIDC token: %v", err)
	}

	roleARN := os.Getenv("ROLE_ARN")
	webID := cr.STSWebIdentity{
		Client:      &http.Client{},
		STSEndpoint: endpoint,
		GetWebIDTokenExpiry: func() (*cr.WebIdentityToken, error) {
			return &cr.WebIdentityToken{
				Token: oidcToken,
			}, nil
		},
		RoleARN: roleARN,
	}

	value, err := webID.Retrieve()

oauth2_scheme = OAuth2AuthorizationCodeBearer(
    authorizationUrl="api/oauth/authorize",
    tokenUrl="/api/oauth/token",
    scopes={"read": "Read access", "write": "Write access"},
)


async def get_token(token: Annotated[str, Depends(oauth2_scheme)]) -> str:
    return token


app = FastAPI(dependencies=[Depends(get_token)])

		AddBroker(args.Broker.String())

	target.client = mqtt.NewClient(options)

	token := target.client.Connect()
	ok := token.WaitTimeout(reconnectInterval)
	if !ok {
		return store.ErrNotConnected
	}
	if token.Error() != nil {
		return token.Error()
	}

	yes, err := target.isActive()
	if err != nil {
		return err
	}
	if !yes {

app = FastAPI()


@app.post("/files/")
async def create_file(
    file: Annotated[bytes, File()],
    fileb: Annotated[UploadFile, File()],
    token: Annotated[str, Form()],
):
    return {
        "file_size": len(file),
        "token": token,
        "fileb_content_type": fileb.content_type,