o d @sddlmZmZmZmZmZddlmZddlm Z ddlm Z ddl mZddlmZddlmZddlmZdd lmZmZGd d d ZGd d d eZGdddeZ Gddde ZGddde ZGdddZdS))AnyDictListOptionalUnion) HTTPException)OAuth2) OAuthFlows)Form) SecurityBase)get_authorization_scheme_param)Request)HTTP_401_UNAUTHORIZEDHTTP_403_FORBIDDENc@sfeZdZdZedddeeeddeddeddfdededed ed eed eef d d ZdS)OAuth2PasswordRequestForma This is a dependency class, use it like: @app.post("/login") def login(form_data: OAuth2PasswordRequestForm = Depends()): data = form_data.parse() print(data.username) print(data.password) for scope in data.scopes: print(scope) if data.client_id: print(data.client_id) if data.client_secret: print(data.client_secret) return data It creates the following Form request parameters in your endpoint: grant_type: the OAuth2 spec says it is required and MUST be the fixed string "password". Nevertheless, this dependency class is permissive and allows not passing it. If you want to enforce it, use instead the OAuth2PasswordRequestFormStrict dependency. username: username string. The OAuth2 spec requires the exact field name "username". password: password string. The OAuth2 spec requires the exact field name "password". scope: Optional string. Several scopes (each one a string) separated by spaces. E.g. "items:read items:write users:read profile openid" client_id: optional string. OAuth2 recommends sending the client_id and client_secret (if any) using HTTP Basic auth, as: client_id:client_secret client_secret: optional string. OAuth2 recommends sending the client_id and client_secret (if any) using HTTP Basic auth, as: client_id:client_secret Npassword)defaultregexr grant_typeusernamescope client_id client_secretcCs,||_||_||_||_||_||_dSN)rrrsplitscopesrrselfrrrrrrr B/usr/local/lib/python3.10/dist-packages/fastapi/security/oauth2.py__init__.s    z"OAuth2PasswordRequestForm.__init__)__name__ __module__ __qualname____doc__r strrr"r r r r!r s* "rcsleZdZdZeddeeeddeddeddfdededed ed eed eef fd d ZZS)OAuth2PasswordRequestFormStricta This is a dependency class, use it like: @app.post("/login") def login(form_data: OAuth2PasswordRequestFormStrict = Depends()): data = form_data.parse() print(data.username) print(data.password) for scope in data.scopes: print(scope) if data.client_id: print(data.client_id) if data.client_secret: print(data.client_secret) return data It creates the following Form request parameters in your endpoint: grant_type: the OAuth2 spec says it is required and MUST be the fixed string "password". This dependency is strict about it. If you want to be permissive, use instead the OAuth2PasswordRequestForm dependency class. username: username string. The OAuth2 spec requires the exact field name "username". password: password string. The OAuth2 spec requires the exact field name "password". scope: Optional string. Several scopes (each one a string) separated by spaces. E.g. "items:read items:write users:read profile openid" client_id: optional string. OAuth2 recommends sending the client_id and client_secret (if any) using HTTP Basic auth, as: client_id:client_secret client_secret: optional string. OAuth2 recommends sending the client_id and client_secret (if any) using HTTP Basic auth, as: client_id:client_secret r)rrrNrrrrrcstj||||||ddS)N)rrrrrr)superr"r __class__r r!r"`s  z(OAuth2PasswordRequestFormStrict.__init__) r#r$r%r&r r'rr" __classcell__r r r*r!r(?s*"r(c @sjeZdZedddddeeeeeeefffdeedeede fdd Z d e d eefd d Z dS)rNTflows scheme_name description auto_errorr.r/r0r1cCs&t||d|_|p |jj|_||_dS)N)r.r0) OAuth2Modelmodelr+r#r/r1)rr.r/r0r1r r r!r"ts zOAuth2.__init__requestreturncs,|jd}|s|jrttdddS|S)N AuthorizationNot authenticated) status_codedetail)headersgetr1rr)rr4 authorizationr r r!__call__s zOAuth2.__call__) r#r$r%OAuthFlowsModelrrr'rrboolr"r r=r r r r!rss  rc sfeZdZ    ddedeedeeeefdeedef fdd Zd ed eefd d Z Z S)OAuth2PasswordBearerNTtokenUrlr/rr0r1cs0|si}t||dd}tj||||ddS)N)rAr)rr-r>r)r")rrAr/rr0r1r.r*r r!r"s zOAuth2PasswordBearer.__init__r4r5cJ|jd}t|\}}|r|dkr#|jr!ttdddiddS|SNr6bearerr7zWWW-AuthenticateBearer)r8r9r:r:r;r lowerr1rrrr4r<schemeparamr r r!r=  zOAuth2PasswordBearer.__call__)NNNT r#r$r%r'rrr?r"r r=r,r r r*r!r@s"r@csteZdZ     ddededeedeedeeeefdeed effd d Zd ed eefddZ Z S)OAuth2AuthorizationCodeBearerNTauthorizationUrlrA refreshUrlr/rr0r1c s4|si}t||||dd}tj||||ddS)N)rOrArPr)authorizationCoder-rB) rrOrArPr/rr0r1r.r*r r!r"s  z&OAuth2AuthorizationCodeBearer.__init__r4r5crCrDrGrIr r r!r=rLz&OAuth2AuthorizationCodeBearer.__call__)NNNNTrMr r r*r!rNs,rNc@s$eZdZddeeefddZdS)SecurityScopesNrcCs|pg|_d|j|_dS)N )rjoin scope_str)rrr r r!r"s zSecurityScopes.__init__r)r#r$r%rrr'r"r r r r!rRsrRN)typingrrrrrfastapi.exceptionsrfastapi.openapi.modelsrr2r r>fastapi.param_functionsr fastapi.security.baser fastapi.security.utilsr starlette.requestsr starlette.statusrrrr(r@rNrRr r r r!s       24"+