En esta excepción, incluimos los scopes requeridos (si los hay) como un string separado por espacios (usando `scope_str`). Ponemos ese string que contiene los scopes en el header `WWW-Authenticate` (esto es parte de la especificación).

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verificar el `username` y la forma de los datos { #verify-the-username-and-data-shape }

    - 为指定的端点（Endpoint）进行身份验证
    - 因此，用 API 验证身份时，要发送值为 `Bearer` + 令牌的请求头 `Authorization`
    - 假如令牌为 `foobar`，`Authorization` 请求头就是： `Bearer foobar`

## **FastAPI** 的 `OAuth2PasswordBearer`

**FastAPI** 提供了不同抽象级别的安全工具。

本例使用 **OAuth2** 的 **Password** 流以及 **Bearer** 令牌（`Token`）。为此要使用 `OAuth2PasswordBearer` 类。

/// info | 说明

`Bearer` 令牌不是唯一的选择。

但它是最适合这个用例的方案。

  val method: String? by option("-X", "--request").help("Specify request command to use")

  val data: String? by option("-d", "--data").help("HTTP POST data")

  val headers: List<String>? by option("-H", "--header").help("Custom header to pass to server").multiple()

  val userAgent: String by option(
    "-A",
    "--user-agent",
  ).help(
    "User-Agent to send to server",
  ).default(NAME + "/" + versionString())

    user = fake_decode_token(token)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return user


async def get_current_active_user(
    current_user: Annotated[User, Depends(get_current_user)],
):
    if current_user.disabled:

						</ul>
					</div>
				</div>
			</nav>
		</header>

		<main id="content" class="container">
			<h2>
				<la:message key="labels.advance_search_title" />
			</h2>
			<div class="notification">${notification}</div>
			<div>
				<la:info id="msg" message="true">
					<div class="alert alert-info">${msg}</div>
				</la:info>

        final List<ProtwordsItem> itemList = new ArrayList<>();
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(in, Constants.UTF_8))) {
            long id = 0;
            String line = null;
            while ((line = reader.readLine()) != null) {
                if (line.length() == 0 || line.charAt(0) == '#') {
                    if (updater != null) {

    - tutorial/body-nested-models.md
    - tutorial/schema-extra-example.md
    - tutorial/extra-data-types.md
    - tutorial/cookie-params.md
    - tutorial/header-params.md
    - tutorial/cookie-param-models.md
    - tutorial/header-param-models.md
    - tutorial/response-model.md
    - tutorial/extra-models.md
    - tutorial/response-status-code.md
    - tutorial/request-forms.md

	// Before proceeding validate if bucket exists.
	_, err := objAPI.GetBucketInfo(ctx, bucket, BucketOptions{})
	if err != nil {
		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	aclHeader := r.Header.Get(xhttp.AmzACL)
	if aclHeader == "" {
		acl := &accessControlPolicy{}
		if err = xmlDecoder(r.Body, acl, r.ContentLength); err != nil {
			if terr, ok := err.(*xml.SyntaxError); ok && terr.Msg == io.EOF.Error() {

    user = fake_decode_token(token)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return user


async def get_current_active_user(current_user: User = Depends(get_current_user)):
    if current_user.disabled:

    processed_keys = set()

    for field in fields_to_extract:
        alias = None
        if isinstance(received_params, Headers):
            # Handle fields extracted from a Pydantic Model for a header, each field
            # doesn't have a FieldInfo of type Header with the default convert_underscores=True
            convert_underscores = getattr(