apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-1
  namespace: foo
spec:
  selector:
    matchLabels:
      app: httpbin
      version: v1
  rules:
  - to:
    - operation:
        methods: ["GET", "POST"]
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-2
  namespace: foo
spec:
  selector:
    matchLabels:

			Authorization: &security.Authorization{
				Name:      staticStrictPolicyName,
				Namespace: meshCfg.GetRootNamespace(),
				Scope:     security.Scope_WORKLOAD_SELECTOR,
				Action:    security.Action_DENY,
				Groups: []*security.Group{
					{
						Rules: []*security.Rules{
							{
								Matches: []*security.Match{
									{
										NotPrincipals: []*security.StringMatch{
											{

=== "Python 3.10+"

    ```Python hl_lines="4  78"
    {!> ../../../docs_src/security/tutorial003_an_py310.py!}
    ```

=== "Python 3.9+"

    ```Python hl_lines="4  78"
    {!> ../../../docs_src/security/tutorial003_an_py39.py!}
    ```

=== "Python 3.8+"

    ```Python hl_lines="4  79"
    {!> ../../../docs_src/security/tutorial003_an.py!}
    ```

=== "Python 3.10+ non-Annotated"

    !!! tip

import java.io.IOException
import java.security.KeyStore
import java.security.SecureRandom
import java.security.Security
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.KeyStoreBuilderParameters
import javax.net.ssl.SSLContext
import javax.net.ssl.X509ExtendedKeyManager
import javax.security.auth.callback.Callback
import javax.security.auth.callback.CallbackHandler
import javax.security.auth.callback.PasswordCallback

	"google.golang.org/grpc/credentials"
	"google.golang.org/grpc/peer"

	"istio.io/istio/pkg/security"
	"istio.io/istio/security/pkg/pki/util"
)

const (
	ClientCertAuthenticatorType = "ClientCertAuthenticator"
)

// ClientCertAuthenticator extracts identities from client certificate.
type ClientCertAuthenticator struct{}

var _ security.Authenticator = &ClientCertAuthenticator{}

=== "Python 3.10+"

    ```Python hl_lines="62-65"
    {!> ../../../docs_src/security/tutorial005_an_py310.py!}
    ```

=== "Python 3.9+"

    ```Python hl_lines="62-65"
    {!> ../../../docs_src/security/tutorial005_an_py39.py!}
    ```

=== "Python 3.8+"

    ```Python hl_lines="63-66"
    {!> ../../../docs_src/security/tutorial005_an.py!}
    ```

=== "Python 3.10+ nicht annotiert"

# Defined below are the security contacts for this repo.
#
# They are the contact point for the Product Security Committee to reach out
# to for triaging and handling of incoming issues.
#
# The below names agree to abide by the
# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy)
# and will be removed and replaced if they violate that agreement.
#
# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE

# Defined below are the security contacts for this repo.
#
# They are the contact point for the Product Security Committee to reach out
# to for triaging and handling of incoming issues.
#
# The below names agree to abide by the
# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy)
# and will be removed and replaced if they violate that agreement.
#
# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE

from typing import Optional

from fastapi import FastAPI, Security
from fastapi.security.http import HTTPAuthorizationCredentials, HTTPBase
from fastapi.testclient import TestClient

app = FastAPI()

security = HTTPBase(scheme="Other", auto_error=False)


@app.get("/users/me")
def read_current_user(
    credentials: Optional[HTTPAuthorizationCredentials] = Security(security),
):
    if credentials is None:

from fastapi import FastAPI, Security
from fastapi.security import HTTPAuthorizationCredentials, HTTPDigest
from fastapi.testclient import TestClient

app = FastAPI()

security = HTTPDigest()


@app.get("/users/me")
def read_current_user(credentials: HTTPAuthorizationCredentials = Security(security)):
    return {"scheme": credentials.scheme, "credentials": credentials.credentials}


client = TestClient(app)