a c @sddlmZmZmZmZmZddlmZddlm Z ddlm Z ddl mZddlmZddlmZddlmZdd lmZmZGd d d ZGd d d eZGdddeZ Gddde ZGddde ZGdddZdS))AnyDictListOptionalUnion) HTTPException)OAuth2) OAuthFlows)Form) SecurityBase)get_authorization_scheme_param)Request)HTTP_401_UNAUTHORIZEDHTTP_403_FORBIDDENc@s\eZdZdZedddeeeddeddeddfeeeeeeeeddd ZdS) OAuth2PasswordRequestForma This is a dependency class, use it like: @app.post("/login") def login(form_data: OAuth2PasswordRequestForm = Depends()): data = form_data.parse() print(data.username) print(data.password) for scope in data.scopes: print(scope) if data.client_id: print(data.client_id) if data.client_secret: print(data.client_secret) return data It creates the following Form request parameters in your endpoint: grant_type: the OAuth2 spec says it is required and MUST be the fixed string "password". Nevertheless, this dependency class is permissive and allows not passing it. If you want to enforce it, use instead the OAuth2PasswordRequestFormStrict dependency. username: username string. The OAuth2 spec requires the exact field name "username". password: password string. The OAuth2 spec requires the exact field name "password". scope: Optional string. Several scopes (each one a string) separated by spaces. E.g. "items:read items:write users:read profile openid" client_id: optional string. OAuth2 recommends sending the client_id and client_secret (if any) using HTTP Basic auth, as: client_id:client_secret client_secret: optional string. OAuth2 recommends sending the client_id and client_secret (if any) using HTTP Basic auth, as: client_id:client_secret Npassword)defaultregexr grant_typeusernamerscope client_id client_secretcCs,||_||_||_||_||_||_dS)N)rrrsplitscopesrrselfrrrrrrr d/workspaces/shunt/resources/test-fastapi/venv/lib/python3.9/site-packages/fastapi/security/oauth2.py__init__.s  z"OAuth2PasswordRequestForm.__init__)__name__ __module__ __qualname____doc__r strrr"r r r r!r s" rcsbeZdZdZeddeeeddeddeddfeeeeeeeedfdd ZZS) OAuth2PasswordRequestFormStricta This is a dependency class, use it like: @app.post("/login") def login(form_data: OAuth2PasswordRequestFormStrict = Depends()): data = form_data.parse() print(data.username) print(data.password) for scope in data.scopes: print(scope) if data.client_id: print(data.client_id) if data.client_secret: print(data.client_secret) return data It creates the following Form request parameters in your endpoint: grant_type: the OAuth2 spec says it is required and MUST be the fixed string "password". This dependency is strict about it. If you want to be permissive, use instead the OAuth2PasswordRequestForm dependency class. username: username string. The OAuth2 spec requires the exact field name "username". password: password string. The OAuth2 spec requires the exact field name "password". scope: Optional string. Several scopes (each one a string) separated by spaces. E.g. "items:read items:write users:read profile openid" client_id: optional string. OAuth2 recommends sending the client_id and client_secret (if any) using HTTP Basic auth, as: client_id:client_secret client_secret: optional string. OAuth2 recommends sending the client_id and client_secret (if any) using HTTP Basic auth, as: client_id:client_secret r)rrrNrcstj||||||ddS)Nr)superr"r __class__r r!r"`s z(OAuth2PasswordRequestFormStrict.__init__) r#r$r%r&r r'rr" __classcell__r r r*r!r(?s"r(c@sbeZdZeddddeeeeeeefffeeeee dddZ e eedddZ dS) rNTflows scheme_name description auto_errorcCs&t||d|_|p|jj|_||_dS)N)r.r0) OAuth2Modelmodelr+r#r/r1)rr.r/r0r1r r r!r"tszOAuth2.__init__requestreturncs,|jd}|s(|jr$ttddndS|S)N AuthorizationNot authenticated) status_codedetail)headersgetr1rr)rr5 authorizationr r r!__call__s zOAuth2.__call__) r#r$r%OAuthFlowsModelrrr'rrboolr"r r>r r r r!rss rcsTeZdZd eeeeeeefeeedfdd ZeeedddZ Z S) OAuth2PasswordBearerNT)tokenUrlr/rr0r1cs0|si}t||dd}tj||||ddS)N)rBr)rr-r?r)r")rrBr/rr0r1r.r*r r!r"szOAuth2PasswordBearer.__init__r4csJ|jd}t|\}}|r(|dkrF|jrBttdddidndS|SNr7Zbearerr8zWWW-AuthenticateZBearer)r9r:r;r;r<r lowerr1rrrr5r=schemeparamr r r!r>s  zOAuth2PasswordBearer.__call__)NNNT r#r$r%r'rrr@r"r r>r,r r r*r!rAsrAc s\eZdZd eeeeeeeeeefeeedfdd ZeeedddZ Z S) OAuth2AuthorizationCodeBearerNT)authorizationUrlrB refreshUrlr/rr0r1c s4|si}t||||dd}tj||||ddS)N)rLrBrMr)ZauthorizationCoder-rC) rrLrBrMr/rr0r1r.r*r r!r"s z&OAuth2AuthorizationCodeBearer.__init__r4csJ|jd}t|\}}|r(|dkrF|jrBttdddidndS|SrDrErGr r r!r>s  z&OAuth2AuthorizationCodeBearer.__call__)NNNNTrJr r r*r!rKsrKc@s$eZdZdeeedddZdS)SecurityScopesN)rcCs|pg|_d|j|_dS)N )rjoinZ scope_str)rrr r r!r"s zSecurityScopes.__init__)N)r#r$r%rrr'r"r r r r!rNsrNN)typingrrrrrZfastapi.exceptionsrZfastapi.openapi.modelsrr2r r?Zfastapi.param_functionsr Zfastapi.security.baser Zfastapi.security.utilsr Zstarlette.requestsr Zstarlette.statusrrrr(rArKrNr r r r!s       24"+