# Security Policy

Security is very important for FastAPI and its community. 🔒

Learn more about it below. 👇

## Versions

The latest version of FastAPI is supported.

You are encouraged to [write tests](https://fastapi.tiangolo.com/tutorial/testing/) for your application and update your FastAPI version frequently after ensuring that your tests are passing. This way you will benefit from the latest features, bug fixes, and **security fixes**.

///

{* ../../docs_src/security/tutorial005_an_py310.py hl[155] *}

## Scopes in *Pfadoperationen* und Abhängigkeiten deklarieren

Jetzt deklarieren wir, dass die *Pfadoperation* für `/users/me/items/` den Scope `items` erfordert.

Dazu importieren und verwenden wir `Security` von `fastapi`.

# Security { #security }

There are many ways to handle security, authentication and authorization.

And it normally is a complex and "difficult" topic.

In many frameworks and systems just handling security and authentication takes a big amount of effort and code (in many cases it can be 50% or more of all the code written).

All the security utilities that integrate with OpenAPI (and the automatic API docs) inherit from `SecurityBase`, that's how **FastAPI** can know how to integrate them in OpenAPI.

///

///

{* ../../docs_src/security/tutorial005.py hl[156] *}

## 📣 ↔ *➡ 🛠️* & 🔗

🔜 👥 📣 👈 *➡ 🛠️* `/users/me/items/` 🚚 ↔ `items`.

👉, 👥 🗄 & ⚙️ `Security` ⚪️➡️ `fastapi`.

👆 💪 ⚙️ `Security` 📣 🔗 (💖 `Depends`), ✋️ `Security` 📨 🔢 `scopes` ⏮️ 📇 ↔ (🎻).

👉 💼, 👥 🚶‍♀️ 🔗 🔢 `get_current_active_user` `Security` (🎏 🌌 👥 🔜 ⏮️ `Depends`).

///

{* ../../docs_src/security/tutorial005_an_py310.py hl[156] *}

## Declarar scopes en *path operations* y dependencias

Ahora declaramos que la *path operation* para `/users/me/items/` requiere el scope `items`.

Para esto, importamos y usamos `Security` de `fastapi`.

# Simple OAuth2 with Password and Bearer { #simple-oauth2-with-password-and-bearer }

Now let's build from the previous chapter and add the missing parts to have a complete security flow.

## Get the `username` and `password` { #get-the-username-and-password }

We are going to use **FastAPI** security utilities to get the `username` and `password`.

///

{* ../../docs_src/security/tutorial005_an_py310.py hl[156] *}

## Declare escopos em *operações de rota* e dependências

Agora nós declaramos que a *operação de rota* para `/users/me/items/` exige o escopo `items`.

Para isso, nós importamos e utilizamos `Security` de `fastapi`.

import jcifs.CIFSException;
import jcifs.DialectVersion;

/**
 * Security configuration tests
 *
 * Verifies that default security settings are properly configured
 * according to SMB security best practices.
 */
@RunWith(JUnit4.class)
public class SecurityConfigurationTest {

    /**
     * Test that default security settings meet minimum security requirements
     */
    @Test

      - tutorial/dependencies/global-dependencies.md
      - tutorial/dependencies/dependencies-with-yield.md
    - Security:
      - tutorial/security/index.md
      - tutorial/security/first-steps.md
      - tutorial/security/get-current-user.md
      - tutorial/security/simple-oauth2.md
      - tutorial/security/oauth2-jwt.md
    - tutorial/middleware.md
    - tutorial/cors.md
    - tutorial/sql-databases.md