# Security - First Steps { #security-first-steps }

Let's imagine that you have your **backend** API in some domain.

And you have a **frontend** in another domain or in a different path of the same domain (or in a mobile application).

And you want to have a way for the frontend to authenticate with the backend, using a **username** and **password**.

We can use **OAuth2** to build that with **FastAPI**.

Sebastián Ramírez <******@****.***> 1731896744 +0100

# Segurança - Primeiros Passos { #security-first-steps }

Vamos imaginar que você tem a sua API de **backend** em algum domínio.

E você tem um **frontend** em outro domínio ou em um path diferente no mesmo domínio (ou em uma aplicação mobile).

E você quer uma maneira de o frontend autenticar com o backend, usando um **username** e **password**.

Podemos usar **OAuth2** para construir isso com o **FastAPI**.

# Seguridad - Primeros pasos { #security-first-steps }

Imaginemos que tienes tu API de **backend** en algún dominio.

Y tienes un **frontend** en otro dominio o en un path diferente del mismo dominio (o en una aplicación móvil).

Y quieres tener una forma para que el frontend se autentique con el backend, usando un **username** y **password**.

Podemos usar **OAuth2** para construir eso con **FastAPI**.

          TAG="quay.io/minio/minio:${{ steps.vars.outputs.sha_short }}" make docker

      - name: multipart uploads test
        run: |
          ${GITHUB_WORKSPACE}/.github/workflows/multipart/migrate.sh "${{ steps.vars.outputs.sha_short }}"

      - name: compress and encrypt
        run: |
          ${GITHUB_WORKSPACE}/.github/workflows/run-mint.sh "compress-encrypt" "minio" "minio123" "${{ steps.vars.outputs.sha_short }}"

    @BeforeEach
    fun setUp() {
        val stepsCapturer = slot<BuildSteps.() -> Unit>()
        every { buildType.steps } returns steps
        every { buildType.stage } returns buildModel.stages[2]
        every {
            buildType.steps(capture(stepsCapturer))
        } answers {
            stepsCapturer.captured(steps)
            mockk()
        }
    }

    @Test
    fun `can apply defaults to configurations`() {

jobs:
  changes:
    runs-on: ubuntu-latest
    # Required permissions
    permissions:
      pull-requests: read
    # Set job outputs to values from filter step
    outputs:
      docs: ${{ steps.filter.outputs.docs }}
    steps:
    - uses: actions/checkout@v6
    # For pull requests it's not necessary to checkout the code but for the main branch it is
    - uses: dorny/paths-filter@v3
      id: filter

    maxParallelForks: String = "%maxParallelForks%",
    extraSteps: BuildSteps.() -> Unit = {}, // the steps after runner steps
    preSteps: BuildSteps.() -> Unit = {}, // the steps before runner steps
) {
    buildType.applyDefaultSettings(os, timeout = timeout, buildJvm = buildJvm, arch = arch)

    buildType.steps {
        preSteps()
    }

      - run: ./gradlew compileAll -DdisableLocalCache=true ${{ steps.determine-sys-prop-args.outputs.sys-prop-args }}
      - uses: actions/upload-artifact@v6
        if: always()
        with:
          name: build-receipt.properties
          path: platforms/core-runtime/base-services/build/generated-resources/build-receipt/org/gradle/build-receipt.properties
    outputs:
      matrix: ${{ steps.setup-matrix.outputs.matrix }}

        include:
          - os: windows-latest
            java: 21
            root-pom: pom.xml
    runs-on: ${{ matrix.os }}
    env:
      ROOT_POM: ${{ matrix.root-pom }}
    steps:
      # Cancel any previous runs for the same branch that are still running.
      - name: 'Cancel previous runs'
        uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1
        with: