///

## 토큰 반환하기

`token` 엔드포인트의 응답은 JSON 객체여야 합니다.

`token_type`이 있어야 합니다. 여기서는 "Bearer" 토큰을 사용하므로 토큰 유형은 "`bearer`"여야 합니다.

그리고 액세스 토큰을 포함하는 문자열과 함께 `access_token`이 있어야 합니다.

이 간단한 예제에서는 완전히 안전하지 않고, 동일한 `username`을 토큰으로 반환합니다.

/// tip | 팁

다음 장에서는 패스워드 해싱 및 <abbr title="JSON Web Tokens">JWT</abbr> 토큰을 사용하여 실제 보안 구현을 볼 수 있습니다.

하지만 지금은 필요한 세부 정보에 집중하겠습니다.

<img src="/img/tutorial/security/image11.png">

## JWT token with scopes { #jwt-token-with-scopes }

Now, modify the token *path operation* to return the scopes requested.

We are still using the same `OAuth2PasswordRequestForm`. It includes a property `scopes` with a `list` of `str`, with each scope it received in the request.

And we return the scopes as part of the JWT token.

/// danger

# Oauth2️⃣ ⏮️ 🔐 (& 🔁), 📨 ⏮️ 🥙 🤝

🔜 👈 👥 ✔️ 🌐 💂‍♂ 💧, ➡️ ⚒ 🈸 🤙 🔐, ⚙️ <abbr title="JSON Web Tokens">🥙</abbr> 🤝 &amp; 🔐 🔐 🔁.

👉 📟 🕳 👆 💪 🤙 ⚙️ 👆 🈸, 🖊 🔐 #️⃣ 👆 💽, ♒️.

👥 🔜 ▶️ ⚪️➡️ 🌐❔ 👥 ◀️ ⏮️ 📃 &amp; 📈 ⚫️.

## 🔃 🥙

🥙 ⛓ "🎻 🕸 🤝".

⚫️ 🐩 🚫 🎻 🎚 📏 💧 🎻 🍵 🚀. ⚫️ 👀 💖 👉:

```

		ID:    owner.ID,
		Name:  "user",
		Token: Token{Content: "token2"},
	}
	o2, err := saveTokenOwner(&owner)
	if err != nil {
		t.Errorf("failed to save token owner, got error: %v", err)
	}
	if o2.Name != "user_name" {
		t.Errorf(`owner name should be "user_name", but got: "%s"`, o2.Name)
	}
	if o2.Token.Content != "token2_encrypted" {

{* ../../docs_src/security/tutorial001_an_py39.py hl[8] *}

/// tip

Here `tokenUrl="token"` refers to a relative URL `token` that we haven't created yet. As it's a relative URL, it's equivalent to `./token`.

        }, "A PACDecodingException should be thrown for a malformed token.");

        assertEquals("Malformed kerberos ticket", exception.getMessage(), "The exception message should indicate a malformed ticket.");
    }

    /**
     * Test constructor with an empty token.
     * Empty token causes readObject() to return null, which leads to NullPointerException.
     */
    @Test

    }

    /**
     * Constructs a NegTokenInit by parsing the provided token bytes
     * @param token the SPNEGO token bytes to parse
     * @throws IOException if parsing fails
     */
    public NegTokenInit(final byte[] token) throws IOException {
        parse(token);
    }

    /**
     * Gets the context flags indicating security capabilities

* **Sicheres Passwort**-Hashing standardmäßig.
* **JWT-Token**-Authentifizierung.
* **SQLAlchemy**-Modelle (unabhängig von Flask-Erweiterungen, sodass sie direkt mit Celery-Workern verwendet werden können).

    void testParseRejectsUnknownField() throws Exception {
        ASN1TaggedObject unknown = new DERTaggedObject(true, 7, new DEROctetString(new byte[] { 0x01 }));
        byte[] token = buildInitToken(new ASN1ObjectIdentifier[] { OID_KRB }, 0, null, null, false, null, null, unknown);

        IOException ex = assertThrows(IOException.class, () -> new NegTokenInit(token));

     *
     * @param id The ID of the item.
     * @param token The token.
     * @param segmentation The segmentation.
     * @param reading The reading.
     * @param pos The part of speech.
     */
    public KuromojiItem(final long id, final String token, final String segmentation, final String reading, final String pos) {
        this.id = id;
        this.token = token;
        this.segmentation = segmentation;