assert response.status_code == 200, response.text
    assert response.json() == {"msg": "Create an account first"}


def test_token():
    response = client.get("/items", headers={"Authorization": "Bearer testtoken"})
    assert response.status_code == 200, response.text
    assert response.json() == {"token": "testtoken"}


def test_incorrect_token():

      render: shell
    validations:
      required: true
  - type: textarea
    id: what-did-you-do
    attributes:
      label: "What did you do?"
      description: "If possible, provide a recipe for reproducing the error. A complete runnable program is good. A link on [go.dev/play](https://go.dev/play) is better. A failing unit test is the best."
    validations:

# OAuth2 с паролем (и хешированием), Bearer с JWT-токенами { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

Теперь, когда у нас определен процесс обеспечения безопасности, давайте сделаем приложение действительно безопасным, используя токены <abbr title="JSON Web Tokens - веб‑токены JSON">JWT</abbr> и безопасное хеширование паролей.

Этот код можно реально использовать в своем приложении, сохранять хэши паролей в базе данных и т.д.

q: str = Query(default="rick")
```

### Vorzüge von `Annotated` { #advantages-of-annotated }

**Es wird empfohlen, `Annotated` zu verwenden**, anstelle des Defaultwertes in Funktionsparametern, es ist aus mehreren Gründen **besser**. 🤓

Der **Default**wert des **Funktionsparameters** ist der **tatsächliche Default**wert, das ist in der Regel intuitiver mit Python. 😌

  "token_type": "Bearer",
  "expires_in": 3600
}
```

### 4. JWT Claims

The id_token received is a signed JSON Web Token (JWT). Use a JWT decoder to decode the id_token to access the payload of the token that includes following JWT claims:

I (the author, [@tiangolo](https://x.com/tiangolo)) will review it thoroughly and get back to you.

## Public Discussions

Please restrain from publicly discussing a potential security vulnerability. 🙊

It's better to discuss privately and try to find a solution first, to limit the potential impact as much as possible.

---

Thanks for your help!

/**
 * Utility class for handling Base64 encoding and decoding.
 * <p>
 * This class now uses the standard {@link java.util.Base64} implementation
 * instead of a custom implementation, providing better security and performance.
 * The API remains backward compatible with previous versions.
 * </p>
 *
 * @author higa
 */
public abstract class Base64Util {

    /**
     * Do not instantiate.
     */

在 OAuth2 中，「scope」只是宣告所需特定權限的一個字串。

是否包含像 `:` 這樣的字元，或是否是一個 URL，都沒差。

那些細節取決於實作。

對 OAuth2 而言，它們就是字串。

///

## 全局概觀 { #global-view }

先快速看看相對於主教學「使用密碼（與雜湊）、Bearer 與 JWT token 的 OAuth2」的差異（[OAuth2 with Password (and hashing), Bearer with JWT tokens](../../tutorial/security/oauth2-jwt.md)）。現在加入了 OAuth2 scopes：

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:126,130:136,141,157] *}

# OAuth2 com Senha (e hashing), Bearer com tokens JWT { #oauth2-with-password-and-hashing-bearer-with-jwt-tokens }

Agora que temos todo o fluxo de segurança, vamos tornar a aplicação realmente segura, usando tokens <abbr title="JSON Web Tokens">JWT</abbr> e hashing de senhas seguras.

Este código é algo que você pode realmente usar na sua aplicação, salvar os hashes das senhas no seu banco de dados, etc.

Vamos começar de onde paramos no capítulo anterior e incrementá-lo.

 * under the License.
 */
package org.apache.maven.artifact.resolver.filter;

import org.apache.maven.artifact.Artifact;

/**
 * Filter to only retain objects in the given artifactScope or better.
 *
 */
abstract class AbstractScopeArtifactFilter implements ArtifactFilter {

    private boolean compileScope;

    private boolean runtimeScope;

    private boolean testScope;