def test_security_oauth2():
    response = client.get("/users/me", headers={"Authorization": "Bearer footokenbar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "Bearer footokenbar"}


def test_security_oauth2_password_other_header():
    response = client.get("/users/me", headers={"Authorization": "Other footokenbar"})
    assert response.status_code == 200, response.text

    * But it needs authentication for that specific endpoint.
    * So, to authenticate with our API, it sends a header `Authorization` with a value of `Bearer ` plus the token.
    * If the token contains `foobar`, the content of the `Authorization` header would be: `Bearer foobar`.

## **FastAPI**'s `OAuth2PasswordBearer` { #fastapis-oauth2passwordbearer }

			authString:    "NoV2Prefix",
			expectedError: ErrSignatureVersionNotSupported,
		},
		// Test case - 3.
		// Test case with missing parts in the Auth string.
		// below is the correct format of V2 Authorization header.
		// Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature
		{
			authString:    signV2Algorithm,
			expectedError: ErrMissingFields,
		},
		// Test case - 4.
		// Test case with signature part missing.

        - 因此使用者之後需要重新登入。
        - 若 token 被竊取，風險也較低；它不像永遠有效的萬用鑰匙（多數情況下）。
- 前端會暫存這個 token。
- 使用者在前端點擊前往其他頁面/區段。
- 前端需要再向 API 取得資料。
    - 但該端點需要驗證。
    - 因此為了向 API 驗證，請求會帶上一個 `Authorization` 標頭，值為 `Bearer ` 加上 token。
    - 例如 token 是 `foobar`，則 `Authorization` 標頭內容為：`Bearer foobar`。

## FastAPI 的 `OAuth2PasswordBearer` { #fastapis-oauth2passwordbearer }

FastAPI 提供多層抽象的工具來實作這些安全機制。

        * 如果令牌被窃取，风险也更小。它不像一把永久有效的钥匙（在大多数情况下）。
* 前端会把令牌临时存储在某处。
* 用户在前端中点击跳转到前端应用的其他部分。
* 前端需要从 API 获取更多数据。
    * 但该端点需要身份验证。
    * 因此，为了与我们的 API 进行身份验证，它会发送一个 `Authorization` 请求头，值为 `Bearer ` 加上令牌。
    * 如果令牌内容是 `foobar`，`Authorization` 请求头的内容就是：`Bearer foobar`。

## **FastAPI** 的 `OAuth2PasswordBearer` { #fastapis-oauth2passwordbearer }

**FastAPI** 在不同抽象层级提供了多种安全工具。

        List<KerberosAuthData> authorizations = relevantAuthData.getAuthorizations();
        assertNotNull(authorizations, "The authorizations list should not be null.");
        assertEquals(1, authorizations.size(), "The authorizations list should contain one element.");
        assertEquals(mockAuthData, authorizations.get(0), "The authorization element should be the mocked object.");
    }

    /**

                authHeader = "WWW-Authenticate";
                this.authProperty = "Authorization";
            } else {
                authHeader = "Proxy-Authenticate";
                this.authProperty = "Proxy-Authorization";
            }
            String authorization = null;
            final List<String> methods = getHeaderFields0().get(authHeader);
            if (methods == null) {

                File("docs/images/logo-square.png").asRequestBody(MEDIA_TYPE_PNG))
            .build()

        val request = Request.Builder()
            .header("Authorization", "Client-ID $IMGUR_CLIENT_ID")
            .url("https://api.imgur.com/3/image")
            .post(requestBody)
            .build()

        client.newCall(request).execute().use { response ->

            url.toUrl(),
            Authenticator.RequestorType.SERVER,
          )
        }

      if (auth != null) {
        val credentialHeader = if (proxyAuthorization) "Proxy-Authorization" else "Authorization"
        val credential =
          Credentials.basic(
            auth.userName,
            String(auth.password),
            challenge.charset,
          )
        return request

    return {"scheme": credentials.scheme, "credentials": credentials.credentials}


client = TestClient(app)


def test_security_http_bearer():
    response = client.get("/users/me", headers={"Authorization": "Bearer foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Bearer", "credentials": "foobar"}


def test_security_http_bearer_no_credentials():