Por ejemplo, en una de las formas en las que se puede usar la especificación OAuth2 (llamada "password flow") se requiere enviar un `username` y `password` como campos de formulario.

La <abbr title="specification">especificación</abbr> requiere que los campos se llamen exactamente `username` y `password`, y que se envíen como campos de formulario, no JSON.

{* ../../docs_src/request_forms/tutorial001_an_py39.py hl[9] *}

For example, in one of the ways the OAuth2 specification can be used (called "password flow") it is required to send a `username` and `password` as form fields.

The <abbr title="specification">spec</abbr> requires the fields to be exactly named `username` and `password`, and to be sent as form fields, not JSON.

    if (args.length != 4) {
      System.out.println("Usage: SampleServer <keystore> <password> <root file> <port>");
      return;
    }

    String keystoreFile = args[0];
    String password = args[1];
    String root = args[2];
    int port = Integer.parseInt(args[3]);

    SSLContext sslContext = sslContext(keystoreFile, password);
    SampleServer server = new SampleServer(sslContext, root, port);
    server.run();

    /**
     * The username of the user.
     */
    @Required
    @Size(max = 100)
    public String name;

    /**
     * The password for the user.
     */
    @Size(max = 100)
    public String password;

    /**
     * The password confirmation field.
     */
    @Size(max = 100)
    public String confirmPassword;

    /**
     * The attributes map for the user.
     */

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

O más exactamente, usando `user_dict` directamente, con cualquier contenido que pueda tener en el futuro:

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],
    full_name = user_dict["full_name"],

    @Test
    public void testEncryptDecryptLongPassword() throws Exception {
        // Test with very long password
        char[] plaintext = new char[10000];
        Arrays.fill(plaintext, 'X');

        byte[] encrypted = storage.encryptCredentials(plaintext);
        assertNotNull(encrypted, "Encrypted long password should not be null");

	contentType := r.Header.Get("Content-Type")
	if contentType != "application/octet-stream" {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrBadRequest), r.URL)
		return
	}

	password := cred.SecretKey
	reqBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength))
	if err != nil {
		adminLogIf(ctx, err)
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), r.URL)
		return
	}

        }
    }

    @Override
    public boolean changePassword(final String username, final String password) {
        if (isTargetUser(username) && StringUtil.isNotBlank(password)) {
            return executeCommand(updateCommand, username, password) == 0;
        }
        return true;
    }

    @Override
    public User load(final User user) {
        return user;
    }

    /**

    #   o user: The database user name. (Required)
    #   o password: The database password. (NotRequired - Default '')
    #
    #; schemaSyncCheckMap = map:{
    #    ; url = jdbc:...
    #    ; schema = EXAMPLEDB
    #    ; user = exampuser
    #    ; password = exampword
    #}
    # - - - - - - - - - -/

Para manejar eso, primero convertimos el `username` y `password` a `bytes` codificándolos con UTF-8.

Luego podemos usar `secrets.compare_digest()` para asegurar que `credentials.username` es `"stanleyjobson"`, y que `credentials.password` es `"swordfish"`.

{* ../../docs_src/security/tutorial007_an_py39.py hl[1,12:24] *}

Esto sería similar a:

```Python