"title": "UserIn",
                        "required": ["username", "password", "email"],
                        "type": "object",
                        "properties": {
                            "username": {"title": "Username", "type": "string"},
                            "password": {"title": "Password", "type": "string"},
                            "email": {

		ACB_SVRTRUST               = 0x00000100, /* 1 = Server trust account */
		ACB_PWNOEXP                = 0x00000200, /* 1 = User password does not expire */
		ACB_AUTOLOCK               = 0x00000400, /* 1 = Account auto locked */
		ACB_ENC_TXT_PWD_ALLOWED    = 0x00000800, /* 1 = Encryped text password is allowed */
		ACB_SMARTCARD_REQUIRED     = 0x00001000, /* 1 = Smart Card required */

但在本例中，**FastAPI** 应用会处理 API 与身份验证。

下面，我们来看一下简化的运行流程：

- 用户在前端输入 `username` 与`password`，并点击**回车**
- （用户浏览器中运行的）前端把 `username` 与`password` 发送至 API 中指定的 URL（使用 `tokenUrl="token"` 声明）
- API 检查 `username` 与`password`，并用令牌（`Token`） 响应（暂未实现此功能）：
  - 令牌只是用于验证用户的字符串
  - 一般来说，令牌会在一段时间后过期
    - 过时后，用户要再次登录
    - 这样一来，就算令牌被人窃取，风险也较低。因为它与永久密钥不同，**在绝大多数情况下**不会长期有效
- 前端临时将令牌存储在某个位置
- 用户点击前端，前往前端应用的其它部件
- 前端需要从 API 中提取更多数据：

    return {"username": credentials.username, "password": credentials.password}


client = TestClient(app)


def test_security_http_basic():
    response = client.get("/users/me", auth=("john", "secret"))
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "john", "password": "secret"}


def test_security_http_basic_no_credentials():

UserInDB(**user_dict)
```

以下と同等の結果になります:

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

もっと正確に言えば、`user_dict`を将来的にどんな内容であっても直接使用することになります:

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],
    full_name = user_dict["full_name"],
)
```

        final String username = fessConfig.getFesenUsername();
        final String password = fessConfig.getFesenPassword();
        if (StringUtil.isNotBlank(username) && StringUtil.isNotBlank(password)) {
            builder.put(Constants.FESEN_USERNAME, username);
            builder.put(Constants.FESEN_PASSWORD, password);
        }
        final String authorities = fessConfig.getFesenHttpSslCertificateAuthorities();

    @Test
    public void testEncryptDecryptLongPassword() throws Exception {
        // Test with very long password
        char[] plaintext = new char[10000];
        Arrays.fill(plaintext, 'X');

        byte[] encrypted = storage.encryptCredentials(plaintext);
        assertNotNull(encrypted, "Encrypted long password should not be null");

        return Base64.getEncoder().encodeToString(type1Message.toByteArray());
    }

    /**
     * Generates a Type 3 NTLM message.
     *
     * @param username the username
     * @param password the password
     * @param domain the domain
     * @param workstation the workstation
     * @param challenge the Type 2 challenge message
     * @return the Base64-encoded Type 3 message

            raise self.make_not_authenticated_error() from e
        username, separator, password = data.partition(":")
        if not separator:
            raise self.make_not_authenticated_error()
        return HTTPBasicCredentials(username=username, password=password)


class HTTPBearer(HTTPBase):
    """
    HTTP Bearer token authentication.

    ## Usage

{* ../../docs_src/request_forms/tutorial001_an_py39.py hl[9] *}

Наприклад, один зі способів використання специфікації OAuth2 (так званий "password flow") вимагає надсилати `username` та `password` як поля форми.

<abbr title="Специфікація">spec</abbr> вимагає, щоб ці поля мали точні назви `username` і `password` та надсилалися у вигляді полів форми, а не JSON.