You can input an access token on the properties window of this assertion. That's what "given one" means. When you provide a give token, token in header, or in query string are not allowed.
The main purpose of this assertion is to validate the token location, you can specify only allow token from header (or parameter, or "given one")
In any case, the token cannot appear at multiple locations, token cannot be empty, token cannot contain space.