"content": {"application/json": {"schema": {}}},
                            },
                            "422": {
                                "description": "Validation Error",
                                "content": {
                                    "application/json": {
                                        "schema": {

# Security - First Steps { #security-first-steps }

Let's imagine that you have your **backend** API in some domain.

And you have a **frontend** in another domain or in a different path of the same domain (or in a mobile application).

And you want to have a way for the frontend to authenticate with the backend, using a **username** and **password**.

We can use **OAuth2** to build that with **FastAPI**.

        // Now test the favorites API
        Map<String, String> params = new HashMap<>();
        params.put("queryId", queryId);

        given().contentType("application/json")
                .params(params)
                .when()
                .get("/api/v1/favorites")
                .then()
                .statusCode(200)

mvn license:format      # Add license headers
```

## Directory Structure

```
src/main/java/org/codelibs/fess/
├── FessBoot.java              # Application entry point
├── Constants.java             # Central application constants
├── app/
│   ├── web/                   # Controllers (Actions)
│   │   ├── base/              # Base action classes (FessBaseAction, FessAdminAction)

      ExecutorService service, long terminationTimeout, TimeUnit timeUnit) {
    new Application().addDelayedShutdownHook(service, terminationTimeout, timeUnit);
  }

  /** Represents the current application to register shutdown hooks. */
  @J2ktIncompatible
  @GwtIncompatible // TODO
  @VisibleForTesting
  static class Application {

    final ExecutorService getExitingExecutorService(

It is not very popular or used nowadays.

OAuth2 doesn't specify how to encrypt the communication, it expects you to have your application served with HTTPS.

/// tip

In the section about **deployment** you will see how to set up HTTPS for free, using Traefik and Let's Encrypt.

///

## OpenID Connect { #openid-connect }

### Configure Casdoor

- Go to Applications
  - Create or use an existing Casdoor application
  - Edit the application
    - Copy `Client ID` and `Client secret`
    - Add your redirect url (callback url) to `Redirect URLs`
    - Save

- Go to Users
  - Edit the user

 * limitations under the License.
 */
package okhttp.android.testapp

import android.annotation.SuppressLint
import android.app.Application
import android.os.Build
import okhttp3.OkHttp

class TestApplication : Application() {
  override fun onCreate() {
    super.onCreate()

    if (isSecondaryProcess()) {
      OkHttp.initialize(applicationContext)
    }
  }

                                "content": {"application/json": {"schema": {}}},
                            },
                            "422": {
                                "description": "Validation Error",
                                "content": {
                                    "application/json": {
                                        "schema": {

	// Some standard content-types which we strictly dis-allow for compression.
	standardExcludeCompressContentTypes = []string{"video/*", "audio/*", "application/zip", "application/x-gzip", "application/x-zip-compressed", " application/x-compress", "application/x-spoon"}

	// AuthZ Plugin system.
	globalAuthZPlugin *polplugin.AuthZPlugin

	// Deployment ID - unique per deployment