# Simple OAuth2 with Password and Bearer { #simple-oauth2-with-password-and-bearer }

Now let's build from the previous chapter and add the missing parts to have a complete security flow.

## Get the `username` and `password` { #get-the-username-and-password }

We are going to use **FastAPI** security utilities to get the `username` and `password`.

Sebastián Ramírez <******@****.***> 1731896744 +0100

Projenize dahil etmek için `from starlette.staticfiles import StaticFiles` kullanabilirsiniz.

**FastAPI**, geliştiricilere kolaylık sağlamak amacıyla `starlette.staticfiles`'ı `fastapi.staticfiles` olarak sağlar. Ancak `StaticFiles` sınıfı aslında doğrudan Starlette'den gelir.

///

### Bağlama (Mounting) Nedir?

That tells the browser to show the integrated prompt for a username and password.

Then, when you type that username and password, the browser sends them in the header automatically.

## Simple HTTP Basic Auth { #simple-http-basic-auth }

* Import `HTTPBasic` and `HTTPBasicCredentials`.
* Create a "`security` scheme" using `HTTPBasic`.
* Use that `security` with a dependency in your *path operation*.

* Imponer seguridad, autenticación, requisitos de roles, etc.
* Y muchas otras cosas...

Todo esto, mientras minimizas la repetición de código.

## Primeros Pasos

Veamos un ejemplo muy simple. Será tan simple que no es muy útil, por ahora.

Pero de esta manera podemos enfocarnos en cómo funciona el sistema de **Inyección de Dependencias**.

### Crear una dependencia, o "dependable"

Let's imagine that loading the model can **take quite some time**, because it has to read a lot of **data from disk**. So you don't want to do it for every request.

* external APIs
* authentication and authorization systems
* API usage monitoring systems
* response data injection systems
* etc.

## Simple and Powerful { #simple-and-powerful }

Although the hierarchical dependency injection system is very simple to define and use, it's still very powerful.

You can define dependencies that in turn can define dependencies themselves.

Eso le dice al navegador que muestre el prompt integrado para un nombre de usuario y contraseña.

Luego, cuando escribes ese nombre de usuario y contraseña, el navegador los envía automáticamente en el header.

## Simple HTTP Basic Auth

* Importa `HTTPBasic` y `HTTPBasicCredentials`.
* Crea un "esquema de `security`" usando `HTTPBasic`.
* Usa ese `security` con una dependencia en tu *path operation*.

Download [`certgen`](https://github.com/minio/certgen/releases/latest) for your specific operating system and platform.

`certgen` is a simple *Go* tool to generate self-signed certificates, and provides SAN certificates with DNS and IP entries:

```sh
./certgen -host "10.10.0.3,10.10.0.4,10.10.0.5"
```

A response similar to this one should be displayed:

```
2018/11/21 10:16:18 wrote public.crt
2018/11/21 10:16:18 wrote private.key
```

The authentication flow is similar to that of OpenID, however the token is "opaque" to MinIO - it is simply sent to the plugin for verification. CAVEAT: There is no console UI integration for this method of authentication and it is intended primarily for machine authentication.