def test_token():
    response = client.get("/items", headers={"Authorization": "Bearer testtoken"})
    assert response.status_code == 200, response.text
    assert response.json() == {"token": "testtoken"}


def test_incorrect_token():
    response = client.get("/items", headers={"Authorization": "Notexistent testtoken"})
    assert response.status_code == 401, response.text

	"net/url"
	"strings"
	"time"

	"github.com/minio/minio/internal/auth"
	xhttp "github.com/minio/minio/internal/http"
)

// credentialHeader data type represents structured form of Credential
// string from authorization header.
type credentialHeader struct {
	accessKey string
	scope     struct {
		date    time.Time
		region  string
		service string
		request string
	}
}

// Return scope string.

    return {"scheme": credentials.scheme, "credentials": credentials.credentials}


client = TestClient(app)


def test_security_http_bearer():
    response = client.get("/users/me", headers={"Authorization": "Bearer foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Bearer", "credentials": "foobar"}


def test_security_http_bearer_no_credentials():

    return {"scheme": credentials.scheme, "credentials": credentials.credentials}


client = TestClient(app)


def test_security_http_digest():
    response = client.get("/users/me", headers={"Authorization": "Digest foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Digest", "credentials": "foobar"}


def test_security_http_digest_no_credentials():

    * Но для этого необходима аутентификация для конкретной конечной точки.
    * Поэтому для аутентификации в нашем API он посылает заголовок `Authorization` со значением `Bearer` плюс сам токен.
    * Если токен содержит `foobar`, то содержание заголовка `Authorization` будет таким: `Bearer foobar`.

## Класс `OAuth2PasswordBearer` в **FastAPI**

tls {
    cert_file:  "./testdata/contrib/certs/nats_server_cert.pem"
    key_file:   "./testdata/contrib/certs/nats_server_key.pem"
    ca_file:   "./testdata/contrib/certs/root_ca_cert.pem"
    verify_and_map: true
}
authorization {
    ADMIN = {
        publish = ">"
        subscribe = ">"
    }
    users = [
        {user: "CN=localhost,OU=Client,O=MinIO,C=CA", permissions: $ADMIN}
    ]

    return {"scheme": credentials.scheme, "credentials": credentials.credentials}


client = TestClient(app)


def test_security_http_bearer():
    response = client.get("/users/me", headers={"Authorization": "Bearer foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Bearer", "credentials": "foobar"}


def test_security_http_bearer_no_credentials():

			Description: `plugin hook endpoint (HTTP(S)) e.g. "http://localhost:8181/path/to/endpoint"` + defaultHelpPostfix(URL),
			Type:        "url",
		},
		config.HelpKV{
			Key:         AuthToken,
			Description: "authorization token for plugin hook endpoint" + defaultHelpPostfix(AuthToken),
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
			Secret:      true,
		},
		config.HelpKV{
			Key:         RolePolicy,

	ret := map[string]string{
		"x-goog-user-project": c.project,
	}
	if err := updateAuthHdrs(ctx, uri, "k8s", c.k8sCreds, ret, "x-mesh-authorization"); err != nil {
		return nil, err
	}
	if err := updateAuthHdrs(ctx, uri, "gcp", c.gcpCreds, ret, "authorization"); err != nil {
		return nil, err
	}
	return ret, nil
}

func (*meshAuthCredentials) RequireTransportSecurity() bool {
	return true
}

	"io"
	"net/http"
	"time"

	"github.com/minio/minio/internal/config"
	xhttp "github.com/minio/minio/internal/http"
	xnet "github.com/minio/pkg/v3/net"
	"github.com/minio/pkg/v3/policy"
)

// Authorization Plugin config and env variables
const (
	URL         = "url"
	AuthToken   = "auth_token"
	EnableHTTP2 = "enable_http2"

	EnvPolicyPluginURL         = "MINIO_POLICY_PLUGIN_URL"