ME - Code Search

tests/test_security_http_basic_optional.py


@app.get("/users/me")
def read_current_user(credentials: Optional[HTTPBasicCredentials] = Security(security)):
    if credentials is None:
        return {"msg": "Create an account first"}
    return {"username": credentials.username, "password": credentials.password}


client = TestClient(app)


def test_security_http_basic():
    response = client.get("/users/me", auth=("john", "secret"))

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Nov 24 19:03:06 GMT 2025

- 2.6K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs/zh/docs/advanced/security/oauth2-scopes.md

它们会为每个*路径操作*进行单独检查。

## 查看文档

打开 API 文档，进行身份验证，并指定要授权的作用域。

<img src="/img/tutorial/security/image11.png">

没有选择任何作用域，也可以进行**身份验证**，但访问 `/uses/me` 或 `/users/me/items` 时，会显示没有足够的权限。但仍可以访问 `/status/`。

如果选择了作用域 `me`，但没有选择作用域 `items`，则可以访问 `/users/me/`，但不能访问 `/users/me/items`。

这就是通过用户提供的令牌使用第三方应用访问这些*路径操作*时会发生的情况，具体怎样取决于用户授予第三方应用的权限。

## 关于第三方集成

本例使用 OAuth2 **密码**流。

这种方式适用于登录我们自己的应用，最好使用我们自己的前端。

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Sun Dec 29 20:41:04 GMT 2024

- 11.6K bytes

- Click Count (0)

github.com/tiangolo/fastapi

tests/test_security_http_digest_optional.py

client = TestClient(app)


def test_security_http_digest():
    response = client.get("/users/me", headers={"Authorization": "Digest foobar"})
    assert response.status_code == 200, response.text
    assert response.json() == {"scheme": "Digest", "credentials": "foobar"}


def test_security_http_digest_no_credentials():
    response = client.get("/users/me")
    assert response.status_code == 200, response.text

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Thu Feb 27 12:29:20 GMT 2025

- 2.2K bytes

- Click Count (0)

github.com/tiangolo/fastapi

tests/test_tutorial/test_security/test_tutorial004.py

    response = client.get("/users/me")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_token(mod: ModuleType):
    client = TestClient(mod.app)
    access_token = get_access_token(client=client)
    response = client.get(
        "/users/me", headers={"Authorization": f"Bearer {access_token}"}

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Fri Dec 26 10:43:02 GMT 2025

- 13.3K bytes

- Click Count (0)

github.com/tiangolo/fastapi

tests/test_tutorial/test_security/test_tutorial005.py

    response = client.get("/users/me")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_token(mod: ModuleType):
    client = TestClient(mod.app)
    access_token = get_access_token(scope="me", client=client)
    response = client.get(

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Sat Dec 27 18:19:10 GMT 2025

- 15.8K bytes

- Click Count (0)

github.com/tiangolo/fastapi

tests/test_tutorial/test_security/test_tutorial006.py


def test_security_http_basic(client: TestClient):
    response = client.get("/users/me", auth=("john", "secret"))
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "john", "password": "secret"}


def test_security_http_basic_no_credentials(client: TestClient):
    response = client.get("/users/me")
    assert response.json() == {"detail": "Not authenticated"}

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Wed Dec 17 20:41:43 GMT 2025

- 2.6K bytes

- Click Count (0)

github.com/apache/maven

impl/maven-core/src/test/java/org/apache/maven/lifecycle/internal/stub/LifecycleExecutionPlanCalculatorStub.java

        List<MojoExecution> me = new ArrayList<>();
        me.add(createMojoExecution("initialize", "default-initialize", INITIALIZE));
        me.add(createMojoExecution("resources", "default-resources", PROCESS_RESOURCES));
        me.add(createMojoExecution("compile", "default-compile", COMPILE));
        me.add(createMojoExecution("testResources", "default-testResources", PROCESS_TEST_RESOURCES));

Created: Sun Dec 28 03:35:09 GMT 2025

- Last Modified: Fri Jun 06 14:28:57 GMT 2025

- 12.6K bytes

- Click Count (0)

github.com/tiangolo/fastapi

tests/test_security_http_basic_realm_description.py

security = HTTPBasic(realm="simple", description="HTTPBasic scheme")


@app.get("/users/me")
def read_current_user(credentials: HTTPBasicCredentials = Security(security)):
    return {"username": credentials.username, "password": credentials.password}


client = TestClient(app)


def test_security_http_basic():
    response = client.get("/users/me", auth=("john", "secret"))
    assert response.status_code == 200, response.text

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Nov 24 19:03:06 GMT 2025

- 2.7K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs_src/security/tutorial005_an_py310.py

    )
    return Token(access_token=access_token, token_type="bearer")


@app.get("/users/me/", response_model=User)
async def read_users_me(
    current_user: Annotated[User, Depends(get_current_active_user)],
):
    return current_user


@app.get("/users/me/items/")
async def read_own_items(
    current_user: Annotated[User, Security(get_current_active_user, scopes=["items"])],
):

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Sep 29 02:57:38 GMT 2025

- 5.3K bytes

- Click Count (0)

github.com/tiangolo/fastapi

docs_src/security/tutorial005_an_py39.py

    )
    return Token(access_token=access_token, token_type="bearer")


@app.get("/users/me/", response_model=User)
async def read_users_me(
    current_user: Annotated[User, Depends(get_current_active_user)],
):
    return current_user


@app.get("/users/me/items/")
async def read_own_items(
    current_user: Annotated[User, Security(get_current_active_user, scopes=["items"])],
):

Created: Sun Dec 28 07:19:09 GMT 2025

- Last Modified: Mon Sep 29 02:57:38 GMT 2025

- 5.3K bytes

- Click Count (0)

Search Options