Et il peut aussi être utilisé par vous-même, pour déboguer, vérifier et tester la même application.

## Le flux `password` { #the-password-flow }

Revenons un peu en arrière et comprenons de quoi il s'agit.

Le « flux » `password` est l'une des manières (« flows ») définies dans OAuth2 pour gérer la sécurité et l'authentification.

        // Credentials
        final CredentialsConfig credentials = new CredentialsConfig();
        credentials.setUsername(username);
        final String password = paramMap.get(prefix + "password");
        credentials.setPassword(password == null ? StringUtil.EMPTY : password);
        if (Constants.NTLM.equals(scheme)) {
            credentials.setType(CredentialsType.NTLM);
            credentials.setDomain(paramMap.get(prefix + "domain"));

            user.clearOriginalPassword();
        }
    }

    /**
     * Changes the password for a user identified by username.
     * Updates both the authentication manager and the database with the new encrypted password.
     *
     * @param username the username of the user
     * @param password the new password in plain text
     * @throws FessUserNotFoundException if the user is not found
     */

# Simples OAuth2 com senha e Bearer { #simple-oauth2-with-password-and-bearer }

Agora vamos construir a partir do capítulo anterior e adicionar as partes que faltam para ter um fluxo de segurança completo.

## Obtenha o `username` e a `password` { #get-the-username-and-password }

É utilizado o utils de segurança da **FastAPI** para obter o `username` e a `password`.

```Python
UserInDB(**user_dict)
```

就会生成如下结果：

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

或更精准，直接使用 `user_dict`（无论它将来包含什么字段）：

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],
    full_name = user_dict["full_name"],
)
```

def get_password_hash(password):
    return password_hash.hash(password)


def get_user(db, username: str):
    if username in db:
        user_dict = db[username]
        return UserInDB(**user_dict)


def authenticate_user(fake_db, username: str, password: str):
    user = get_user(fake_db, username)
    if not user:
        verify_password(password, DUMMY_HASH)
        return False

# OAuth2 simple avec Password et Bearer { #simple-oauth2-with-password-and-bearer }

Construisons maintenant à partir du chapitre précédent et ajoutons les éléments manquants pour avoir un flux de sécurité complet.

## Obtenir `username` et `password` { #get-the-username-and-password }

Nous allons utiliser les utilités de sécurité de **FastAPI** pour obtenir `username` et `password`.

 */

/**
 * Provides the API for the Maven Password Encryption tool ({@code mvnenc}).
 *
 * <p>This package contains interfaces and classes for the password encryption tool,
 * which helps secure sensitive information in Maven settings and configuration files.</p>
 *
 * <p>Key features include:</p>
 * <ul>
 *   <li>Password encryption and decryption</li>
 *   <li>Master password management</li>

 */
@Deprecated(since = "4.0.0")
public interface SettingsDecryptionRequest {

    /**
     * Gets the servers whose passwords should be decrypted.
     *
     * @return The servers to decrypt, never {@code null}.
     */
    List<Server> getServers();

    /**
     * Sets the servers whose passwords should be decrypted.
     *
     * @param servers The servers to decrypt, may be {@code null}.

Puede ser utilizada por aplicaciones y sistemas de terceros.

Y también puede ser utilizada por ti mismo, para depurar, revisar y probar la misma aplicación.

## El flujo `password` { #the-password-flow }

Ahora retrocedamos un poco y entendamos qué es todo eso.

El "flujo" `password` es una de las formas ("flujos") definidas en OAuth2, para manejar la seguridad y la autenticación.