Par exemple, pour déclarer un en-tête `X-Token` qui peut apparaître plusieurs fois, vous pouvez écrire :

{* ../../docs_src/header_params/tutorial003_an_py310.py hl[9] *}

Si vous communiquez avec ce *chemin d'accès* en envoyant deux en-têtes HTTP comme :

```
X-Token: foo
X-Token: bar
```

La réponse ressemblerait à ceci :

```JSON
{
    "X-Token values": [
        "bar",
        "foo"
    ]
}

///

## Token’ı Döndürme { #return-the-token }

`token` endpoint’inin response’u bir JSON object olmalıdır.

Bir `token_type` içermelidir. Biz "Bearer" token’ları kullandığımız için token type "`bearer`" olmalıdır.

Ayrıca `access_token` içermelidir; bunun değeri access token’ımızı içeren bir string olmalıdır.

Bu basit örnekte tamamen güvensiz davranıp token olarak aynı `username`’i döndüreceğiz.

/// tip | İpucu

<img src="/img/tutorial/security/image11.png">

## Token JWT com escopos { #jwt-token-with-scopes }

Agora, modifique a *operação de rota* do token para retornar os escopos solicitados.

Nós ainda estamos utilizando o mesmo `OAuth2PasswordRequestForm`. Ele inclui a propriedade `scopes` com uma `list` de `str`, com cada escopo que ele recebeu na requisição.

E nós retornamos os escopos como parte do token JWT.

/// danger | Cuidado

///

## Retorne o token { #return-the-token }

A resposta do endpoint `token` deve ser um objeto JSON.

Deve ter um `token_type`. No nosso caso, como estamos usando tokens "Bearer", o tipo de token deve ser "`bearer`".

E deve ter um `access_token`, com uma string contendo nosso token de acesso.

ExclusiveFileAccessM { public void ExclusiveFileAccessM(); public static void maybeCloseQuietly(java.io.Closeable); } org/gradle/util/internal/WrapperCredentials.class package org.gradle.util.internal; public final class WrapperCredentials { public final String token; public final String basicUserInfo; public void WrapperCredentials(String, String); public static String tryGetProperty(String, String, java.util.function.Function); public final boolean equals(Object); public final int hashCode(); public final String...

/// tip | Подсказка

Здесь `tokenUrl="token"` ссылается на относительный URL `token`, который мы еще не создали. Поскольку это относительный URL, он эквивалентен `./token`.

.Values.metrics.serviceMonitor.relabelConfigs }} {{- toYaml .Values.metrics.serviceMonitor.relabelConfigs | nindent 6 }} {{- end }} {{- if not .Values.metrics.serviceMonitor.public }} bearerTokenSecret: name: {{ template "minio.fullname" . }}-prometheus key: token {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace | quote }} selector: matchLabels: app: {{ include "minio.name" . }} release: {{ .Release.Name }} monitoring: "true" {{- end }} {{- if .Values.metrics.serviceMonitor.enabled }} --- apiVersion:...

.Values.metrics.serviceMonitor.relabelConfigs }} {{- toYaml .Values.metrics.serviceMonitor.relabelConfigs | nindent 6 }} {{- end }} {{- if not .Values.metrics.serviceMonitor.public }} bearerTokenSecret: name: {{ template "minio.fullname" . }}-prometheus key: token {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace | quote }} selector: matchLabels: app: {{ include "minio.name" . }} release: {{ .Release.Name }} monitoring: "true" {{- end }} {{- if .Values.metrics.serviceMonitor.enabled }} --- apiVersion:...

.Values.metrics.serviceMonitor.relabelConfigs }} {{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }} {{- end }} {{- if not .Values.metrics.serviceMonitor.public }} bearerTokenSecret: name: {{ template "minio.fullname" . }}-prometheus key: token {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace | quote }} selector: matchLabels: app: {{ include "minio.name" . }} release: {{ .Release.Name }} monitoring: "true" {{- end }} {{- if .Values.metrics.serviceMonitor.enabled }} --- apiVersion:...

.Values.metrics.serviceMonitor.relabelConfigs }} {{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }} {{- end }} {{- if not .Values.metrics.serviceMonitor.public }} bearerTokenSecret: name: {{ template "minio.fullname" . }}-prometheus key: token {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace | quote }} selector: matchLabels: app: {{ include "minio.name" . }} release: {{ .Release.Name }} monitoring: "true" {{- end }} {{- if .Values.metrics.serviceMonitor.enabled }} --- apiVersion:...