使用 JWT 创建有效期为一周的令牌。第二天，用户持令牌再次访问时，仍为登录状态。

令牌于一周后过期，届时，用户身份验证就会失败。只有再次登录，才能获得新的令牌。如果用户（或第三方）篡改令牌的过期时间，因为签名不匹配会导致身份验证失败。

如需深入了解 JWT 令牌，了解它的工作方式，请参阅 <a href="https://jwt.io/" class="external-link" target="_blank">https://jwt.io</a>。

## 安装 `PyJWT`

安装 `PyJWT`，在 Python 中生成和校验 JWT 令牌：

<div class="termy">

```console
$ pip install pyjwt

---> 100%
```

</div>

/// info | 说明

# Response - Изменение статус-кода { #response-change-status-code }

Вы, вероятно, уже читали о том, что можно установить [статус-код ответа по умолчанию](../tutorial/response-status-code.md){.internal-link target=_blank}.

Но в некоторых случаях нужно вернуть другой статус-код, отличный от значения по умолчанию.

## Пример использования { #use-case }

Например, представьте, что вы хотите по умолчанию возвращать HTTP статус-код «OK» `200`.

								</li>
							</c:if>
							<c:if test="${developmentMode}">
								<li class="nav-item" data-bs-toggle="tooltip" data-placement="left"
									title="<la:message key="labels.development_mode_warning" />"

            return null;
        }
        String target = null;
        final Locale locale = ComponentUtil.getRequestManager().getUserLocale();
        if (locale != null) {
            final String lang = locale.getLanguage();
            if (ComponentUtil.getFessConfig().isOnlineHelpSupportedLang(lang)) {
                target = lang.toUpperCase(Locale.ROOT);
            }
        }

    chunkSizes = chunkSizes ?: listOf(),
    bodySize = bodySize,
    body = Buffer().write(body ?: ByteString.EMPTY),
    sequenceNumber = exchangeIndex,
    failure = failure,
    method = method,
    path = target,
    handshake = handshake,
    requestUrl = url,

///

## OpenAPI 및 API 문서

추가 상태 코드와 응답을 직접 반환하는 경우, FastAPI는 반환할 내용을 미리 알 수 있는 방법이 없기 때문에 OpenAPI 스키마(API 문서)에 포함되지 않습니다.

If you want to secure your API, there are several better things you can do, for example:

* Make sure you have well defined Pydantic models for your request bodies and responses.

#
# this script cross-compiles a toolchain for that GOOS/GOARCH
# combination, leaving the resulting tree in ../../go-${GOOS}-${GOARCH}-bootstrap.
# That tree can be copied to a machine of the given target type
# and used as $GOROOT_BOOTSTRAP to bootstrap a local build.
#
# Only changes that have been committed to Git (at least locally,
# not necessary reviewed and submitted to master) are included in the tree.
#

But for now, let's check these important **conceptual ideas**. These concepts also apply to any other type of web API. 💡

## Security - HTTPS { #security-https }

In the [previous chapter about HTTPS](https.md){.internal-link target=_blank} we learned about how HTTPS provides encryption for your API.

We also saw that HTTPS is normally provided by a component **external** to your application server, a **TLS Termination Proxy**.

* <a href="https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.1.0.md#responses-object" class="external-link" target="_blank">Objeto de Retorno OpenAPI</a>, inclui o `Response Object`.