# Security - First Steps { #security-first-steps }

Let's imagine that you have your **backend** API in some domain.

And you have a **frontend** in another domain or in a different path of the same domain (or in a mobile application).

And you want to have a way for the frontend to authenticate with the backend, using a **username** and **password**.

We can use **OAuth2** to build that with **FastAPI**.

Sebastián Ramírez <******@****.***> 1731896744 +0100

Sebastián Ramírez <******@****.***> 1731170360 +0100

Sebastián Ramírez <******@****.***> 1731896744 +0100

Sebastián Ramírez <******@****.***> 1731896744 +0100

Sebastián Ramírez <******@****.***> 1735583217 +0000

Sebastián Ramírez <******@****.***> 1731896744 +0100

          TAG="quay.io/minio/minio:${{ steps.vars.outputs.sha_short }}" make docker

      - name: multipart uploads test
        run: |
          ${GITHUB_WORKSPACE}/.github/workflows/multipart/migrate.sh "${{ steps.vars.outputs.sha_short }}"

      - name: compress and encrypt
        run: |
          ${GITHUB_WORKSPACE}/.github/workflows/run-mint.sh "compress-encrypt" "minio" "minio123" "${{ steps.vars.outputs.sha_short }}"

jobs:
  changes:
    runs-on: ubuntu-latest
    # Required permissions
    permissions:
      pull-requests: read
    # Set job outputs to values from filter step
    outputs:
      docs: ${{ steps.filter.outputs.docs }}
    steps:
    - uses: actions/checkout@v5
    # For pull requests it's not necessary to checkout the code but for the main branch it is
    - uses: dorny/paths-filter@v3
      id: filter

    maxParallelForks: String = "%maxParallelForks%",
    extraSteps: BuildSteps.() -> Unit = {}, // the steps after runner steps
    preSteps: BuildSteps.() -> Unit = {}, // the steps before runner steps
) {
    buildType.applyDefaultSettings(os, timeout = timeout, buildJvm = buildJvm, arch = arch)

    buildType.steps {
        preSteps()
    }