Üçüncü taraf uygulamalar ve sistemler tarafından kullanılabilir.

Ve aynı uygulamayı debug etmek, kontrol etmek ve test etmek için sizin tarafınızdan da kullanılabilir.

## `password` Flow { #the-password-flow }

Şimdi biraz geri dönüp bunların ne olduğuna bakalım.

`password` "flow"u, OAuth2’de güvenlik ve authentication’ı yönetmek için tanımlanmış yöntemlerden ("flow"lardan) biridir.

Теперь, отталкиваясь от предыдущей главы, добавим недостающие части, чтобы получить полный поток безопасности.

## Получение `username` и `password` { #get-the-username-and-password }

Для получения `username` и `password` мы будем использовать утилиты безопасности **FastAPI**.

        TermQueryBuilder builder = regTermQ("password", password);
        if (opLambda != null) {
            opLambda.callback(builder);
        }
    }

    public void setPassword_NotEqual(String password) {
        setPassword_NotTerm(password, null);
    }

    public void setPassword_NotTerm(String password) {
        setPassword_NotTerm(password, null);

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

O más exactamente, usando `user_dict` directamente, con cualquier contenido que pueda tener en el futuro:

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],
    full_name = user_dict["full_name"],

errors.invalid_str_is_included = {0} non è valido in {1}.
errors.blank_password = La password è obbligatoria.
errors.password_length = La password deve contenere almeno {0} caratteri.
errors.password_no_uppercase = La password deve contenere almeno una lettera maiuscola.
errors.password_no_lowercase = La password deve contenere almeno una lettera minuscola.
errors.password_no_digit = La password deve contenere almeno una cifra.

дасть еквівалентний результат:

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

А точніше, використовуючи безпосередньо `user_dict`, з будь-яким його вмістом у майбутньому:

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],
    full_name = user_dict["full_name"],
)

    }

    /**
     * Changes the password for a user across all authentication chains.
     * @param username The username for which to change the password.
     * @param password The new password.
     * @return True if the password was successfully changed in all chains, false otherwise.
     */
    public boolean changePassword(final String username, final String password) {

                .getOrElse('test_admin'),
        password: providers.systemProperty('tests.rest.cluster.password')
                .forUseAtConfigurationTime()
                .getOrElse('x-pack-test-password')
]

tasks.withType(StandaloneRestIntegTestTask).configureEach {
    systemProperty 'tests.rest.cluster.username', clusterCredentials.username
    systemProperty 'tests.rest.cluster.password', clusterCredentials.password
}

# OAuth2 实现简单的 Password 和 Bearer 验证 { #simple-oauth2-with-password-and-bearer }

本章添加上一章示例中欠缺的部分，实现完整的安全流。

## 获取 `username` 和 `password` { #get-the-username-and-password }

首先，使用 **FastAPI** 安全工具获取 `username` 和 `password`。

OAuth2 规范要求使用“密码流”时，客户端或用户必须以表单数据形式发送 `username` 和 `password` 字段。

并且，这两个字段必须命名为 `username` 和 `password`，不能使用 `user-name` 或 `email` 等其它名称。

不过也不用担心，前端仍可以显示终端用户所需的名称。

数据库模型也可以使用所需的名称。

def get_password_hash(password):
    return password_hash.hash(password)


def get_user(db, username: str):
    if username in db:
        user_dict = db[username]
        return UserInDB(**user_dict)


def authenticate_user(fake_db, username: str, password: str):
    user = get_user(fake_db, username)
    if not user:
        verify_password(password, DUMMY_HASH)
        return False