///

```Python hl_lines="9"
{!> ../../docs_src/header_params/tutorial003.py!}
```

////

与*路径操作*通信时，以下面的方式发送两个 HTTP 请求头：

```
X-Token: foo
X-Token: bar
```

响应结果是：

```JSON
{
    "X-Token values": [
        "bar",
        "foo"
    ]
}
```

## 小结

使用 `Header` 声明请求头的方式与 `Query`、`Path` 、`Cookie` 相同。

        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v4
        with:
          # To allow latest-changes to commit to the main branch
          token: ${{ secrets.FASTAPI_LATEST_CHANGES }}
      # Allow debugging with tmate
      - name: Setup tmate session
        uses: mxschmitt/action-tmate@v3

client = TestClient(app)


def test_login():
    response = client.post("/token", data={"username": "johndoe", "password": "secret"})
    assert response.status_code == 200, response.text
    assert response.json() == {"access_token": "johndoe", "token_type": "bearer"}


def test_login_incorrect_password():
    response = client.post(
        "/token", data={"username": "johndoe", "password": "incorrect"}
    )

pkg go/ast, method (*IndexListExpr) End() token.Pos
pkg go/ast, method (*IndexListExpr) Pos() token.Pos
pkg go/ast, type FuncType struct, TypeParams *FieldList
pkg go/ast, type IndexListExpr struct
pkg go/ast, type IndexListExpr struct, Indices []Expr
pkg go/ast, type IndexListExpr struct, Lbrack token.Pos
pkg go/ast, type IndexListExpr struct, Rbrack token.Pos
pkg go/ast, type IndexListExpr struct, X Expr

                                    <label for="token" class="col-sm-3 text-sm-right col-form-label"><la:message
                                            key="labels.dict_kuromoji_token"/></label>
                                    <div class="col-sm-9">
                                        <la:errors property="token"/>
                                        <la:text styleId="token" property="token" styleClass="form-control"/>

                ctx = createContext(trans, tdomain, negoResp, !anonymous, s);
            }
            token = createToken(ctx, token, s);

            if ( token != null ) {
                request = new Smb2SessionSetupRequest(this.getContext(), securityMode, negoResp.getCommonCapabilities(), 0, token);
                // here, messages are rejected with NOT_SUPPORTED if we start signing as soon as we can, wait until

			return &secret, nil
		}
	}

	// finally, create the sa token secret manually
	// https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-service-account-api-token
	// TODO ephemeral time-based tokens are preferred; we should re-think this
	log.Infof("Creating token secret for service account %q", serviceAccount.Name)
	secretName := tokenSecretName(serviceAccount.Name)

    }

    public OptionalEntity<Set<String>> getPermissions(final HttpServletRequest request) {
        final String token = ComponentUtil.getAccessTokenHelper().getAccessTokenFromRequest(request);
        if (StringUtil.isNotBlank(token)) {
            return accessTokenBhv.selectEntity(cb -> {
                cb.query().setToken_Term(token);
            }).map(accessToken -> {
                final Set<String> permissionSet = new HashSet<>();

    if item_id not in fake_db:
        raise HTTPException(status_code=404, detail="Item not found")
    return fake_db[item_id]


@app.post("/items/", response_model=Item)
async def create_item(item: Item, x_token: Annotated[str, Header()]):
    if x_token != fake_secret_token:
        raise HTTPException(status_code=400, detail="Invalid X-Token header")
    if item.id in fake_db:

///

## Retorne o token

A resposta do endpoint `token` deve ser um objeto JSON.

Deve ter um `token_type`. No nosso caso, como estamos usando tokens "Bearer", o tipo de token deve ser "`bearer`".

E deve ter um `access_token`, com uma string contendo nosso token de acesso.

Para este exemplo simples, seremos completamente inseguros e retornaremos o mesmo `username` do token.

/// tip | Dica