<properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
      </properties>
    </profile>
    <profile>
      <id>file</id>
      <activation>
        <file>
          <exists>simple.xml</exists>
        </file>
      </activation>
      <properties>
        <profile.file>activated</profile.file>
      </properties>
    </profile>
  </profiles>

# Simple OAuth2 with Password and Bearer { #simple-oauth2-with-password-and-bearer }

Now let's build from the previous chapter and add the missing parts to have a complete security flow.

## Get the `username` and `password` { #get-the-username-and-password }

We are going to use **FastAPI** security utilities to get the `username` and `password`.

Elliotte Rusty Harold <******@****.***> 1753117790 +0000

Sebastián Ramírez <******@****.***> 1731896744 +0100

Projenize dahil etmek için `from starlette.staticfiles import StaticFiles` kullanabilirsiniz.

**FastAPI**, geliştiricilere kolaylık sağlamak amacıyla `starlette.staticfiles`'ı `fastapi.staticfiles` olarak sağlar. Ancak `StaticFiles` sınıfı aslında doğrudan Starlette'den gelir.

///

### Bağlama (Mounting) Nedir?

Eso le dice al navegador que muestre el prompt integrado para un nombre de usuario y contraseña.

Luego, cuando escribes ese nombre de usuario y contraseña, el navegador los envía automáticamente en el header.

## Simple HTTP Basic Auth { #simple-http-basic-auth }

* Importa `HTTPBasic` y `HTTPBasicCredentials`.
* Crea un "esquema de `security`" usando `HTTPBasic`.
* Usa ese `security` con una dependencia en tu *path operation*.

That tells the browser to show the integrated prompt for a username and password.

Then, when you type that username and password, the browser sends them in the header automatically.

## Simple HTTP Basic Auth { #simple-http-basic-auth }

* Import `HTTPBasic` and `HTTPBasicCredentials`.
* Create a "`security` scheme" using `HTTPBasic`.
* Use that `security` with a dependency in your *path operation*.

* external APIs
* authentication and authorization systems
* API usage monitoring systems
* response data injection systems
* etc.

## Simple and Powerful { #simple-and-powerful }

Although the hierarchical dependency injection system is very simple to define and use, it's still very powerful.

You can define dependencies that in turn can define dependencies themselves.

Let's imagine that loading the model can **take quite some time**, because it has to read a lot of **data from disk**. So you don't want to do it for every request.

The authentication flow is similar to that of OpenID, however the token is "opaque" to MinIO - it is simply sent to the plugin for verification. CAVEAT: There is no console UI integration for this method of authentication and it is intended primarily for machine authentication.