Every time you "log in with" Facebook, Google, GitHub, Microsoft, X (Twitter), that application is using OAuth2 with scopes.

In this section you will see how to manage authentication and authorization with the same OAuth2 with scopes in your **FastAPI** application.

/// warning

 */
@Deprecated(since = "4.0.0")
public class ObjectBasedValueSource extends AbstractValueSource {

    private final Object root;

    /**
     * Construct a new value source, using the supplied object as the root from
     * which to start, and using expressions split at the dot ('.') to navigate
     * the object graph beneath this root.
     * @param root the root of the graph.
     */
    public ObjectBasedValueSource(Object root) {

/// tip

The syntax `{"name", "description"}` creates a `set` with those two values.

It is equivalent to `set(["name", "description"])`.

///

#### Using `list`s instead of `set`s { #using-lists-instead-of-sets }

If you forget to use a `set` and use a `list` or `tuple` instead, FastAPI will still convert it to a `set` and it will work correctly:

        // Restore system properties and clean up static state
        System.setProperties(originalSystemProperties);
        resetHandlerState();
    }

    /**
     * Resets the static state of the Handler class using reflection.
     * This is crucial for ensuring that tests are isolated from each other.
     */
    private void resetHandlerState() throws Exception {
        // Reset the static factory field

In version 0.121.0, FastAPI added support for `Depends(scope="function")` for dependencies with `yield`.

Using `Depends(scope="function")`, the exit code after `yield` is executed right after the *path operation function* is finished, before the response is sent back to the client.

And when using `Depends(scope="request")` (the default), the exit code after `yield` is executed after the response is sent.

### Enable Keycloak Admin REST API support

Before being able to authenticate against the Admin REST API using a client_id and a client_secret you need to make sure the client is configured as it follows:

- `account` client_id is a confidential client that belongs to the realm `{realm}`

using tensorflow::PartialTensorShape;
using tensorflow::RunMetadata;
using tensorflow::RunOptions;
using tensorflow::Session;
using tensorflow::Status;
using tensorflow::string;
using tensorflow::Tensor;
using tensorflow::TensorId;
using tensorflow::TensorShapeProto;
using tensorflow::VersionDef;
using tensorflow::errors::FailedPrecondition;
using tensorflow::errors::InvalidArgument;
using tensorflow::errors::OutOfRange;

# Request Forms and Files { #request-forms-and-files }

You can define files and form fields at the same time using `File` and `Form`.

/// info

To receive uploaded files and/or form data, first install [`python-multipart`](https://github.com/Kludex/python-multipart).

Make sure you create a [virtual environment](../virtual-environments.md), activate it, and then install it, for example:

```console
$ pip install python-multipart
```

///

understand that AGPLv3 licensing is complex and nuanced. It is for that reason we strongly encourage using experts in licensing to make any such determinations around compliance instead of relying on apocryphal or anecdotal advice.

[MinIO Commercial Licensing](https://min.io/pricing) is the best option for applications that trigger AGPLv3 obligations (e.g. open sourcing your application). Applications using MinIO - or any other OSS-licensed code - without validating their usage do so at their own risk....

These attacks exploit the fact that browsers allow scripts to send requests without doing any CORS preflight check when they:

* don't have a `Content-Type` header (e.g. using `fetch()` with a `Blob` body)
* and don't send any authentication credentials.

This type of attack is mainly relevant when:

* the application is running locally (e.g. on `localhost`) or in an internal network