# Simple OAuth2 with Password and Bearer

Now let's build from the previous chapter and add the missing parts to have a complete security flow.

## Get the `username` and `password`

We are going to use **FastAPI** security utilities to get the `username` and `password`.

OAuth2 specifies that when using the "password flow" (that we are using) the client/user must send a `username` and `password` fields as form data.

!!! tip

    }
  }
}

suspend fun main() {
  val client = OkHttpClient()

  val scraper = SslLabsScraper(client)

  println(scraper.query())

  client.connectionPool.evictAll()
  client.dispatcher.executorService.shutdown()

The main idea is exactly the same you saw in that previous chapter.

## Add tests for the SQL app

Let's update the example from [SQL (Relational) Databases](../tutorial/sql-databases.md){.internal-link target=_blank} to use a testing database.

All the app code is the same, you can go back to that chapter check how it was.

The only changes here are in the new testing file.

# Get Current User

In the previous chapter the security system (which is based on the dependency injection system) was giving the *path operation function* a `token` as a `str`:

=== "Python 3.9+"

    ```Python hl_lines="12"
    {!> ../../../docs_src/security/tutorial001_an_py39.py!}
    ```

=== "Python 3.8+"

    ```Python hl_lines="11"
    {!> ../../../docs_src/security/tutorial001_an.py!}
    ```

=== "Python 3.8+ non-Annotated"

But for now, let's check these important **conceptual ideas**. These concepts also apply to any other type of web API. 💡

## Security - HTTPS

In the [previous chapter about HTTPS](./https.md){.internal-link target=_blank} we learned about how HTTPS provides encryption for your API.

This text was produced by Project Gutenberg www.gutenberg.org,
an organization that produces free electronic books, mostly of
works old enough that they have passed into the public domain.


                            CHAPTER I

                      Down the Rabbit-Hole


  Alice was beginning to get very tired of sitting by her sister
on the bank, and of having nothing to do:  once or twice she had

This code is something you can actually use in your application, save the password hashes in your database, etc.

We are going to start from where we left in the previous chapter and increment it.

## About JWT

JWT means "JSON Web Tokens".

It's a standard to codify a JSON object in a long dense string without spaces. It looks like this:

```

But even if you never use **FastAPI**, you would benefit from learning a bit about them.

!!! note
    If you are a Python expert, and you already know everything about type hints, skip to the next chapter.

## Motivation

Let's start with a simple example:

```Python
{!../../../docs_src/python_types/tutorial001.py!}
```

Calling this program outputs:

```
John Doe
```

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html#alpn-versions
private fun alpnBootVersionForPatchVersion(patchVersion: Int): String? {
  return when (patchVersion) {
    in 0..24 -> "8.1.0.v20141016"
    in 25..30 -> "8.1.2.v20141202"