# 패스워드와 Bearer를 이용한 간단한 OAuth2

이제 이전 장에서 빌드하고 누락된 부분을 추가하여 완전한 보안 흐름을 갖도록 하겠습니다.

## `username`와 `password` 얻기

**FastAPI** 보안 유틸리티를 사용하여 `username` 및 `password`를 가져올 것입니다.

OAuth2는 (우리가 사용하고 있는) "패스워드 플로우"을 사용할 때 클라이언트/유저가 `username` 및 `password` 필드를 폼 데이터로 보내야 함을 지정합니다.

그리고 사양에는 필드의 이름을 그렇게 지정해야 한다고 나와 있습니다. 따라서 `user-name` 또는 `email`은 작동하지 않습니다.

하지만 걱정하지 않아도 됩니다. 프런트엔드에서 최종 사용자에게 원하는 대로 표시할 수 있습니다.

그리고 데이터베이스 모델은 원하는 다른 이름을 사용할 수 있습니다.

	HelpPostgres = config.HelpKVS{
		config.HelpKV{
			Key:         target.PostgresConnectionString,
			Description: `Postgres server connection-string e.g. "host=localhost port=5432 dbname=minio_events user=postgres password=password sslmode=disable"`,
			Type:        "string",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         target.PostgresTable,
			Description: "DB table name to store/update events, table is auto-created",

errors.invalid_kuromoji_segmentation=The number of segmentations {0} does not the match number of readings {1}.
errors.invalid_str_is_included="{1}" in "{0}" is invalid.
errors.blank_password=Password is required.
errors.invalid_confirm_password=Confirm Password does not match.
errors.cannot_delete_doc_because_of_running=Crawler is running. The document cannot be deleted.
errors.failed_to_delete_doc_in_admin=Failed to delete document.

errors.invalid_kuromoji_segmentation=The number of segmentations {0} does not the match number of readings {1}.
errors.invalid_str_is_included="{1}" in "{0}" is invalid.
errors.blank_password=Password is required.
errors.invalid_confirm_password=Confirm Password does not match.
errors.cannot_delete_doc_because_of_running=Crawler is running. The document cannot be deleted.
errors.failed_to_delete_doc_in_admin=Failed to delete document.

    private static final String LOGIN_URL = "login_url";

    private static final String LOGIN_PARAMETERS = "login_parameters";

    private static final String PASSWORD = "${password}";

    private static final String USERNAME = "${username}";

    private final Map<String, String> parameterMap;

    public FormScheme(final Map<String, String> parameterMap) {

            final String username = userCredential.getUser();
            final String password = userCredential.getPassword();
            if (!fessConfig.isAdminUser(username)) {
                final OptionalEntity<FessUser> ldapUser = ComponentUtil.getLdapManager().login(username, password);
                if (ldapUser.isPresent()) {
                    return ldapUser;
                }
            }

    with pytest.raises(RuntimeError, match=multipart_incorrect_install_error):
        app = FastAPI()

        @app.post("/")
        async def root(username: str = Form(), password: str = Form()):
            return username  # pragma: nocover


def test_incorrect_multipart_installed_form_file(monkeypatch):
    monkeypatch.setattr("python_multipart.__version__", "0.0.12")

        chains().of(stream -> stream.forEach(c -> c.update(user)));
    }

    public boolean changePassword(final String username, final String password) {
        return chains().get(stream -> stream.allMatch(c -> c.changePassword(username, password)));
    }

    public void delete(final User user) {
        chains().of(stream -> stream.forEach(c -> c.delete(user)));
    }

```Python hl_lines="7"
{!../../docs_src/request_forms/tutorial001.py!}
```

🖼, 1️⃣ 🌌 Oauth2️⃣ 🔧 💪 ⚙️ (🤙 "🔐 💧") ⚫️ ✔ 📨 `username` & `password` 📨 🏑.

<abbr title="specification">🔌</abbr> 🚚 🏑 ⚫️❔ 📛 `username` &amp; `password`, &amp; 📨 📨 🏑, 🚫 🎻.

⏮️ `Form` 👆 💪 📣 🎏 📳 ⏮️ `Body` (&amp; `Query`, `Path`, `Cookie`), 🔌 🔬, 🖼, 📛 (✅ `user-name` ↩️ `username`), ♒️.

/// info

        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: gcr.io
          username: _json_key
          password: ${{ secrets.GCP_CREDS }}
      -
        name: Login to AR
        # Once this is verified, change the label's name. For now, we will piggyback on gcr.io actions.