ction"==typeof define&&define.amd?define(["jquery"],function(a){return b(a)}):"object"==typeof module&&module.exports?module.exports=b(require("jquery")):b(a.jQuery)}(this,function(a){!function(a,b){"use strict";a.formUtils.registerLoadedModule("security"),a.formUtils.addValidator({name:"spamcheck",validatorFunction:function(a,b){var c=b.valAttr("captcha");return c===a},errorMessage:"",errorMessageKey:"badSecurityAnswer"}),a.formUtils.addValidator({name:"confirmation",validatorFunction:function(b,c,d,e,f){var...

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:126,130:136,141,157] *}

Now let's review those changes step by step.

## OAuth2 Security scheme { #oauth2-security-scheme }

The first change is that now we are declaring the OAuth2 security scheme with two available scopes, `me` and `items`.

        byte[] buffer = createBasicNegotiateResponseBuffer();

        // Add a small security buffer at a safe offset (after the fixed structure)
        SMBUtil.writeInt2(64, buffer, 56); // Security buffer offset (relative to header start)
        SMBUtil.writeInt2(8, buffer, 58); // Security buffer length

        // Add some dummy security data at offset 64 from start
        buffer[64] = (byte) 0x4E; // NTLMSSP signature start

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:126,130:136,141,157] *}

接著我們一步一步檢視這些變更。

## OAuth2 安全性方案 { #oauth2-security-scheme }

第一個變更是：我們現在宣告了帶有兩個可用 scope 的 OAuth2 安全性方案，`me` 與 `items`。

參數 `scopes` 接收一個 `dict`，以各 scope 為鍵、其描述為值：

{* ../../docs_src/security/tutorial005_an_py310.py hl[63:66] *}

///

{* ../../docs_src/security/tutorial005_an_py310.py hl[157] *}

## 在*路径操作*与依赖项中声明作用域 { #declare-scopes-in-path-operations-and-dependencies }

现在我们声明，路径操作 `/users/me/items/` 需要作用域 `items`。

为此，从 `fastapi` 导入并使用 `Security`。

你可以用 `Security` 来声明依赖（就像 `Depends` 一样），但 `Security` 还接收一个 `scopes` 参数，其值是作用域（字符串）列表。

在这里，我们把依赖函数 `get_current_active_user` 传给 `Security`（就像用 `Depends` 一样）。

from fastapi.openapi.models import OAuth2 as OAuth2Model
from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
from fastapi.param_functions import Form
from fastapi.security.base import SecurityBase
from fastapi.security.utils import get_authorization_scheme_param
from starlette.requests import Request
from starlette.status import HTTP_401_UNAUTHORIZED


class OAuth2PasswordRequestForm:
    """

      - tutorial/dependencies/global-dependencies.md
      - tutorial/dependencies/dependencies-with-yield.md
    - Security:
      - tutorial/security/index.md
      - tutorial/security/first-steps.md
      - tutorial/security/get-current-user.md
      - tutorial/security/simple-oauth2.md
      - tutorial/security/oauth2-jwt.md
    - tutorial/middleware.md
    - tutorial/cors.md
    - tutorial/sql-databases.md

    [FastAPI docs for HTTP Basic Auth](https://fastapi.tiangolo.com/advanced/security/http-basic-auth/).

    ## Example

    ```python
    from typing import Annotated

    from fastapi import Depends, FastAPI
    from fastapi.security import HTTPBasic, HTTPBasicCredentials

    app = FastAPI()

    security = HTTPBasic()


    @app.get("/users/me")

        return Stream.of(Arguments.of(OWNER_SECURITY_INFORMATION, "Owner security information only"),
                Arguments.of(GROUP_SECURITY_INFORMATION, "Group security information only"),
                Arguments.of(DACL_SECURITY_INFORMATION, "DACL security information only"),
                Arguments.of(SACL_SECURITY_INFORMATION, "SACL security information only"),

If the token is invalid, return an HTTP error right away.

{* ../../docs_src/security/tutorial004_an_py310.py hl[93:110] *}

## Update the `/token` *path operation* { #update-the-token-path-operation }

Create a `timedelta` with the expiration time of the token.

Create a real JWT access token and return it.

{* ../../docs_src/security/tutorial004_an_py310.py hl[121:136] *}