`**user_dict`에 대한 자세한 설명은 [**추가 모델** 문서](../extra-models.md#about-user_indict){.internal-link target=_blank}를 다시 읽어봅시다.

///

## 토큰 반환하기

`token` 엔드포인트의 응답은 JSON 객체여야 합니다.

`token_type`이 있어야 합니다. 여기서는 "Bearer" 토큰을 사용하므로 토큰 유형은 "`bearer`"여야 합니다.

그리고 액세스 토큰을 포함하는 문자열과 함께 `access_token`이 있어야 합니다.

이 간단한 예제에서는 완전히 안전하지 않고, 동일한 `username`을 토큰으로 반환합니다.

/// 팁

# Body – Verschachtelte Modelle

Mit **FastAPI** können Sie (dank Pydantic) beliebig tief verschachtelte Modelle definieren, validieren und dokumentieren.

## Listen als Felder

Sie können ein Attribut als Kindtyp definieren, zum Beispiel eine Python-`list`e.

//// tab | Python 3.10+

```Python hl_lines="12"
{!> ../../docs_src/body_nested_models/tutorial001_py310.py!}
```

////

//// tab | Python 3.8+

```Python hl_lines="14"

        )

    tasks.add_task(bg, state)
    return state


@app.middleware("http")
async def middleware(request, call_next):
    response: StreamingResponse = await call_next(request)
    response.headers["x-state"] = json.dumps(state.copy())
    return response


client = TestClient(app)


def test_async_state():
    assert state["/async"] == "asyncgen not started"
    response = client.get("/async")

  # set up symlink for devtoolset-10
  rm -f /dt10/usr/include/aarch64-linux-gnu/$f
  ln -s /usr/include/aarch64-linux-gnu/$f /dt10/usr/include/aarch64-linux-gnu/$f
done
popd

# Python 3.10 include headers fix:
# sysconfig.get_path('include') incorrectly points to /usr/local/include/python
# map /usr/include/python3.10 to /usr/local/include/python3.10
if [[ ! -f "/usr/local/include/$VERSION" ]]; then

			fmt.Println(args...)
		}
	}
	// Inject random reader/writer sleeps.
	const maxSleep = int(1 * time.Millisecond)
	doSleep := !testing.Short()
	rb := New(4 << 10).SetBlocking(true)

	// Reader
	var readErr error
	var wg sync.WaitGroup
	wg.Add(1)
	go func() {
		readRng := rand.New(rand.NewSource(1))
		defer wg.Done()
		defer rb.CloseWithError(readErr)
		buf := make([]byte, 1024)
		for {
			// Read

OpenAPI 有一种定义多个安全「方案」的方法。

通过使用它们，你可以利用所有这些基于标准的工具，包括这些交互式文档系统。

OpenAPI 定义了以下安全方案：

* `apiKey`：一个特定于应用程序的密钥，可以来自：
    * 查询参数。
    * 请求头。
    * cookie。
* `http`：标准的 HTTP 身份认证系统，包括：
    * `bearer`: 一个值为 `Bearer` 加令牌字符串的 `Authorization` 请求头。这是从 OAuth2 继承的。
    * HTTP Basic 认证方式。
    * HTTP Digest，等等。
* `oauth2`：所有的 OAuth2 处理安全性的方式（称为「流程」）。
    *以下几种流程适合构建 OAuth 2.0 身份认证的提供者（例如 Google，Facebook，Twitter，GitHub 等）：

    <dependency>
      <groupId>org.apache.maven</groupId>
      <artifactId>maven-logging</artifactId>
    </dependency>
    <dependency>
      <groupId>org.jline</groupId>
      <artifactId>jline-reader</artifactId>
    </dependency>
    <dependency>
      <groupId>org.jline</groupId>
      <artifactId>jline-terminal-jni</artifactId>
    </dependency>
    <dependency>
      <groupId>org.jline</groupId>

          </models>
        </configuration>
        <executions>
          <execution>
            <id>modello</id>
            <goals>
              <goal>java</goal>
              <goal>xpp3-reader</goal>
              <goal>xpp3-writer</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>

client = TestClient(app)


def test_security_oauth2():
    response = client.get("/users/me", headers={"Authorization": "Bearer footokenbar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "Bearer footokenbar"}


def test_security_oauth2_password_other_header():
    response = client.get("/users/me", headers={"Authorization": "Other footokenbar"})
    assert response.status_code == 200, response.text

client = TestClient(app)


def test_security_oauth2():
    response = client.get("/users/me", headers={"Authorization": "Bearer footokenbar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "Bearer footokenbar"}


def test_security_oauth2_password_other_header():
    response = client.get("/users/me", headers={"Authorization": "Other footokenbar"})
    assert response.status_code == 200, response.text