beraber - Code Search

docs/zh/docs/tutorial/security/first-steps.md

    - 为指定的端点（Endpoint）进行身份验证
    - 因此，用 API 验证身份时，要发送值为 `Bearer` + 令牌的请求头 `Authorization`
    - 假如令牌为 `foobar`，`Authorization` 请求头就是： `Bearer foobar`

## **FastAPI** 的 `OAuth2PasswordBearer`

**FastAPI** 提供了不同抽象级别的安全工具。

本例使用 **OAuth2** 的 **Password** 流以及 **Bearer** 令牌（`Token`）。为此要使用 `OAuth2PasswordBearer` 类。

/// info | 说明

`Bearer` 令牌不是唯一的选择。

但它是最适合这个用例的方案。

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Nov 18 02:25:44 GMT 2024

- 7K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs_src/security/tutorial003_py310.py

    user = fake_decode_token(token)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return user


async def get_current_active_user(current_user: User = Depends(get_current_user)):
    if current_user.disabled:
        raise HTTPException(status_code=400, detail="Inactive user")

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Nov 24 19:03:06 GMT 2025

- 2.4K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs_src/security/tutorial004_an_py39.py

            headers={"WWW-Authenticate": "Bearer"},
        )
    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(
        data={"sub": user.username}, expires_delta=access_token_expires
    )
    return Token(access_token=access_token, token_type="bearer")


@app.get("/users/me/", response_model=User)
async def read_users_me(

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Sep 29 02:57:38 GMT 2025

- 4.2K bytes

- Click Count (0)

github.com/tiangolo/fastapi

tests/test_tutorial/test_authentication_error_status_code/test_tutorial001.py

    )

    client = TestClient(mod.app)
    return client


def test_get_me(client: TestClient):
    response = client.get("/me", headers={"Authorization": "Bearer secrettoken"})
    assert response.status_code == 200
    assert response.json() == {
        "message": "You are authenticated",
        "token": "secrettoken",
    }

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Wed Dec 17 20:41:43 GMT 2025

- 1.9K bytes

- Click Count (0)

github.com/tiangolo/fastapi

tests/test_top_level_security_scheme_in_openapi.py

@app.get("/", dependencies=[Depends(bearer_scheme)])
async def get_root():
    return {"message": "Hello, World!"}


client = TestClient(app)


def test_get_root():
    response = client.get("/", headers={"Authorization": "Bearer token"})
    assert response.status_code == 200, response.text
    assert response.json() == {"message": "Hello, World!"}


def test_get_root_no_token():
    response = client.get("/")

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Nov 24 19:03:06 GMT 2025

- 1.9K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/zh/docs/tutorial/security/simple-oauth2.md

因此，在端点中，只有当用户存在、通过身份验证、且状态为激活时，才能获得该用户：

{* ../../docs_src/security/tutorial003.py hl[58:67,69:72,90] *}

/// info | 说明

此处返回值为 `Bearer` 的响应头 `WWW-Authenticate` 也是规范的一部分。

任何 401**UNAUTHORIZED**HTTP（错误）状态码都应返回 `WWW-Authenticate` 响应头。

本例中，因为使用的是 Bearer Token，该响应头的值应为 `Bearer`。

实际上，忽略这个附加响应头，也不会有什么问题。

之所以在此提供这个附加响应头，是为了符合规范的要求。

说不定什么时候，就有工具用得上它，而且，开发者或用户也可能用得上。

这就是遵循标准的好处……

///

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Nov 18 02:25:44 GMT 2024

- 8.6K bytes

- Click Count (0)

github.com/tiangolo/fastapi

fastapi/security/api_key.py

                It is also useful when you want to have authentication that can be
                provided in one of multiple optional ways (for example, in a query
                parameter or in an HTTP Bearer token).
                """
            ),
        ] = True,
    ):
        super().__init__(
            location=APIKeyIn.query,
            name=name,
            scheme_name=scheme_name,

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Wed Dec 17 21:25:59 GMT 2025

- 9.6K bytes

- Click Count (1)

github.com/tiangolo/fastapi

tests/test_tutorial/test_security/test_tutorial002.py

    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_token(client: TestClient):
    response = client.get("/users/me", headers={"Authorization": "Bearer testtoken"})
    assert response.status_code == 200, response.text
    assert response.json() == {
        "username": "testtokenfakedecoded",

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Fri Dec 26 10:43:02 GMT 2025

- 2.2K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs_src/security/tutorial003_py39.py

    user = fake_decode_token(token)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return user


async def get_current_active_user(current_user: User = Depends(get_current_user)):
    if current_user.disabled:
        raise HTTPException(status_code=400, detail="Inactive user")

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Wed Dec 17 20:41:43 GMT 2025

- 2.4K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/pt/docs/tutorial/security/first-steps.md

    * Mas precisa de autenticação para aquele endpoint específico.
    * Então, para autenticar com nossa API, ele envia um header `Authorization` com o valor `Bearer ` mais o token.
    * Se o token contém `foobar`, o conteúdo do header `Authorization` seria: `Bearer foobar`.

## O `OAuth2PasswordBearer` do **FastAPI** { #fastapis-oauth2passwordbearer }

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Wed Nov 12 16:23:57 GMT 2025

- 8.9K bytes

- Click Count (0)

Search Options