{!../../docs_src/request_forms/tutorial001.py!}
```

🖼, 1️⃣ 🌌 Oauth2️⃣ 🔧 💪 ⚙️ (🤙 "🔐 💧") ⚫️ ✔ 📨 `username` & `password` 📨 🏑.

<abbr title="specification">🔌</abbr> 🚚 🏑 ⚫️❔ 📛 `username` &amp; `password`, &amp; 📨 📨 🏑, 🚫 🎻.

⏮️ `Form` 👆 💪 📣 🎏 📳 ⏮️ `Body` (&amp; `Query`, `Path`, `Cookie`), 🔌 🔬, 🖼, 📛 (✅ `user-name` ↩️ `username`), ♒️.

/// info

`Form` 🎓 👈 😖 🔗 ⚪️➡️ `Body`.

///

/// tip

                    },
                },
                "User": {
                    "title": "User",
                    "required": ["username"],
                    "type": "object",
                    "properties": {
                        "username": {"title": "Username", "type": "string"},
                        "full_name": IsDict(
                            {
                                "title": "Full Name",

from fastapi.testclient import TestClient
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyCookie(name="key")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(api_key)):
    user = User(username=oauth_header)
    return user


@app.get("/users/me")
def read_current_user(current_user: User = Depends(get_current_user)):
    return current_user

from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyCookie(name="key", description="An API Cookie Key")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(api_key)):
    user = User(username=oauth_header)
    return user


@app.get("/users/me")
def read_current_user(current_user: User = Depends(get_current_user)):
    return current_user

@app.get("/items/{item_id}")
def get_item(item_id: str, username: str = Depends(get_username)):
    if item_id not in data:
        raise HTTPException(status_code=404, detail="Item not found")
    item = data[item_id]
    if item["owner"] != username:
        raise OwnerError(username)

Um dies zu lösen, konvertieren wir zunächst den `username` und das `password` in UTF-8-codierte `bytes`.

Dann können wir `secrets.compare_digest()` verwenden, um sicherzustellen, dass `credentials.username` `"stanleyjobson"` und `credentials.password` `"swordfish"` ist.

{* ../../docs_src/security/tutorial007_an_py39.py hl[1,12:24] *}

Dies wäre das gleiche wie:

```Python

@app.get("/items/{item_id}")
def get_item(item_id: str, username: Annotated[str, Depends(get_username)]):
    if item_id not in data:
        raise HTTPException(status_code=404, detail="Item not found")
    item = data[item_id]
    if item["owner"] != username:
        raise OwnerError(username)

  /**
   * The decoded username, or an empty string if none is present.
   *
   * | URL                              | `username()` |
   * | :------------------------------- | :----------- |
   * | `http://host/`                   | `""`         |
   * | `http://username@host/`          | `"username"` |
   * | `http://username:password@host/` | `"username"` |
   * | `http://a%20b:c%20d@host/`       | `"a b"`      |

                                    <label for="username" class="col-sm-3 text-sm-right col-form-label"><la:message
                                            key="labels.webauth_username"/></label>
                                    <div class="col-sm-9">
                                        <la:errors property="username"/>
                                        <la:text styleId="username" property="username" styleClass="form-control"/>

Então, vamos rever de um ponto de vista simplificado:

* O usuário digita o `username` e a `senha` no frontend e aperta `Enter`.
* O frontend (rodando no browser do usuário) manda o `username` e a `senha` para uma URL específica na sua API (declarada com `tokenUrl="token"`).
* A API checa aquele `username` e `senha`, e responde com um "token" (nós não implementamos nada disso ainda).