我们将在主 `FastAPI` 应用中包含该 `APIRouter`，但首先，让我们来看看依赖项和另一个 `APIRouter`。

## 依赖项

我们了解到我们将需要一些在应用程序的好几个地方所使用的依赖项。

因此，我们将它们放在它们自己的 `dependencies` 模块（`app/dependencies.py`）中。

现在我们将使用一个简单的依赖项来读取一个自定义的 `X-Token` 请求首部：

```Python hl_lines="1  4-6" title="app/dependencies.py"
{!../../docs_src/bigger_applications/app/dependencies.py!}
```

/// tip

我们正在使用虚构的请求首部来简化此示例。

pkg go/build, type Directive struct #56986
pkg go/build, type Directive struct, Pos token.Position #56986
pkg go/build, type Directive struct, Text string #56986
pkg go/build, type Package struct, Directives []Directive #56986
pkg go/build, type Package struct, TestDirectives []Directive #56986
pkg go/build, type Package struct, XTestDirectives []Directive #56986
pkg go/token, method (*File) Lines() []int #57708

¨CSumAlgo ¨PartNums‘ ©PartETagsÀ©PartSizes‘Ñ$CªPartASizes‘Ñ$C¤SizeÑ$C¥MTimeÓ É ¸Åñ€§MetaSys ¼x-minio-internal-inline-dataÄ true§MetaUsr‚¤etagÙ d6566afb36d109141150¬content-type°application/json¡v ΄‰S ¤nullÅ , fÿ+ÛM¸" x[- Òc‰0Hûð 9Ê(#ñ´{ Dff"},{"key":"broker","value":""},{"key":"topic","value":""},{"key":"password","value":""},{"key":"username","value":""},{"key":"qos","value":"0"},{"key":"keep_alive_interval","value":"0s"},{"key":"reconnect_interval","value":"0s"},{"key":"queue_dir","value":""},{"ke...

    @Test
    public void testFilterWithHeaderUpdatesClient() {
        final Client mockNewClient = mock(Client.class);
        final Map<String, String> headers = new HashMap<>();
        headers.put("Authorization", "Bearer token");

        when(mockClient.filterWithHeader(headers)).thenReturn(mockNewClient);

        final Client result = fesenClient.filterWithHeader(headers);

        assertSame(fesenClient, result); // Should return this

Это тот же механизм, когда вы даёте разрешения при входе через Facebook, Google, GitHub и т.д.:

<img src="/img/tutorial/security/image11.png">

## JWT-токены со scopes { #jwt-token-with-scopes }

Теперь измените операцию пути, выдающую токен, чтобы возвращать запрошенные scopes.

font-size(inherit);\n    color: inherit;\n    word-break: normal;\n  }\n}\n\ncode {\n  @include font-size($code-font-size);\n  color: var(--#{$prefix}code-color);\n  word-wrap: break-word;\n\n  // Streamline the style when inside anchors to avoid broken underline and more\n  a > & {\n    color: inherit;\n  }\n}\n\nkbd {\n  padding: $kbd-padding-y $kbd-padding-x;\n  @include font-size($kbd-font-size);\n  color: $kbd-color;\n  background-color: $kbd-bg;\n  @include border-radius($border-radius-sm);\n\n...

$enable-rounded {\n    border-bottom-left-radius: valid-radius($radius);\n  }\n}\n","// Inline code\ncode {\n  @include font-size($code-font-size);\n  color: $code-color;\n  word-wrap: break-word;\n\n  // Streamline the style when inside anchors to avoid broken underline and more\n  a > & {\n    color: inherit;\n  }\n}\n\n// User input typically entered via keyboard\nkbd {\n  padding: $kbd-padding-y $kbd-padding-x;\n  @include font-size($kbd-font-size);\n  color: $kbd-color;\n  background-color: $kbd-bg;\n...

    assertThat(response.cacheResponse!!.request.url).isEqualTo(request.url)
  }

  @Test
  fun postWithOverrideResponse() {
    val url = server.url("/abc?token=123")
    val cacheUrlOverride = url.newBuilder().removeAllQueryParameters("token").build()

    val request =
      Request
        .Builder()
        .url(url)
        .method("POST", "XYZ".toRequestBody())

testdata/huffman-zero.wb.expect", "src/compress/flate/testdata/huffman-zero.wb.expect-noinput", "src/compress/flate/testdata/null-long-match.dyn.expect-noinput", "src/compress/flate/testdata/null-long-match.wb.expect-noinput", "src/compress/flate/token.go", "src/compress/flate/writer_test.go", "src/compress/gzip/", "src/compress/gzip/example_test.go", "src/compress/gzip/gunzip.go", "src/compress/gzip/gunzip_test.go", "src/compress/gzip/gzip.go", "src/compress/gzip/gzip_test.go", "src/compress/gz...

`get_current_user` 함수를 이전과 동일한 토큰을 받도록 수정하되, 이번에는 JWT 토큰을 사용하도록 합니다.

받은 토큰을 디코딩하여 검증한 후 현재 사용자를 반환합니다.

토큰이 유효하지 않다면 HTTP 오류를 반환합니다.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## `/token` 경로 작업 수정

토큰의 만료 시각을 설정하기 위해 `timedelta` 를 생성합니다.

실제 JWT 액세스 토큰을 생성하여 반환합니다.

{* ../../docs_src/security/tutorial004_an_py310.py hl[118:133] *}

### JWT "주체(subject)" `sub`에 대한 기술 세부 사항