# Advanced Security

## Additional Features

There are some extra features to handle security apart from the ones covered in the [Tutorial - User Guide: Security](../../tutorial/security/index.md){.internal-link target=_blank}.

!!! tip
    The next sections are **not necessarily "advanced"**.

    And it's possible that for your use case, the solution is in one of them.

## Read the Tutorial first

=== "Python 3.10+"

    ```Python hl_lines="4  78"
    {!> ../../../docs_src/security/tutorial003_an_py310.py!}
    ```

=== "Python 3.9+"

    ```Python hl_lines="4  78"
    {!> ../../../docs_src/security/tutorial003_an_py39.py!}
    ```

=== "Python 3.8+"

    ```Python hl_lines="4  79"
    {!> ../../../docs_src/security/tutorial003_an.py!}
    ```

=== "Python 3.10+ nicht annotiert"

from fastapi import FastAPI, Security
from fastapi.security.http import HTTPAuthorizationCredentials, HTTPBase
from fastapi.testclient import TestClient

app = FastAPI()

security = HTTPBase(scheme="Other")


@app.get("/users/me")
def read_current_user(credentials: HTTPAuthorizationCredentials = Security(security)):
    return {"scheme": credentials.scheme, "credentials": credentials.credentials}


client = TestClient(app)

    {!> ../../../docs_src/security/tutorial004_an_py310.py!}
    ```

=== "Python 3.9+"

    ```Python hl_lines="8  49  56-57  60-61  70-76"
    {!> ../../../docs_src/security/tutorial004_an_py39.py!}
    ```

=== "Python 3.8+"

    ```Python hl_lines="8  50  57-58  61-62  71-77"
    {!> ../../../docs_src/security/tutorial004_an.py!}
    ```

    {!> ../../../docs_src/security/tutorial002_py310.py!}
    ```

## 💉 ⏮️ 👩‍💻

🔜 👥 💪 ⚙️ 🎏 `Depends` ⏮️ 👆 `get_current_user` *➡ 🛠️*:

=== "🐍 3️⃣.6️⃣ & 🔛"

    ```Python hl_lines="31"
    {!> ../../../docs_src/security/tutorial002.py!}
    ```

=== "🐍 3️⃣.1️⃣0️⃣ & 🔛"

    ```Python hl_lines="29"
    {!> ../../../docs_src/security/tutorial002_py310.py!}
    ```

# Defined below are the security contacts for this repo.
#
# They are the contact point for the Product Security Committee to reach out
# to for triaging and handling of incoming issues.
#
# The below names agree to abide by the
# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy)
# and will be removed and replaced if they violate that agreement.
#
# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE

But when you want to also declare OAuth2 scopes, you can use `Security()` instead of `Depends()`.

You can import `Security()` directly from `fastapi`:

```python
from fastapi import Security
```

from fastapi import FastAPI, Security
from fastapi.security import OAuth2PasswordBearer
from fastapi.testclient import TestClient

app = FastAPI()

oauth2_scheme = OAuth2PasswordBearer(
    tokenUrl="/token",
    description="OAuth2PasswordBearer security scheme",
    auto_error=False,
)


@app.get("/items/")
async def read_items(token: Optional[str] = Security(oauth2_scheme)):
    if token is None:

from fastapi import Depends, FastAPI, Security
from fastapi.security.open_id_connect_url import OpenIdConnect
from fastapi.testclient import TestClient
from pydantic import BaseModel

app = FastAPI()

oid = OpenIdConnect(
    openIdConnectUrl="/openid", description="OpenIdConnect security scheme"
)


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(oid)):

/pilot/pkg/security/                                             @istio/wg-security-maintainers
/pilot/pkg/config/                                               @istio/wg-networking-maintainers
/pilot/pkg/networking/plugin/authn/                              @istio/wg-security-maintainers
/pilot/pkg/networking/plugin/authz/                              @istio/wg-security-maintainers