This increases the likelihood that HTTP/2 connections will be shared.
 *  New: Authentication challenges and credentials now use a charset. Use this in
    your authenticator to support user names and passwords with non-ASCII
    characters.
 *  New: Accept a charset in `FormBody.Builder`. Previously form bodies were
    always UTF-8.
 *  New: Support the `immutable` cache-control directive.

І ваші користувачі зможуть входити як із вашого застосунку Django, так і з вашого застосунку **FastAPI** одночасно.

///

## Хешування і перевірка паролів { #hash-and-verify-the-passwords }

Імпортуйте потрібні інструменти з `pwdlib`.

Створіть екземпляр PasswordHash з рекомендованими налаштуваннями - він буде використаний для хешування та перевірки паролів.

/// tip | Порада

        serverData.sessKey = 0x12345678;
        serverData.scapabilities = 0x8000F3FD; // Various capabilities
        serverData.oemDomainName = "WORKGROUP";
        serverData.securityMode = 0x0F; // User + encrypt passwords + signatures
        serverData.security = 1; // User level
        serverData.encryptedPasswords = true;
        serverData.signaturesEnabled = true;
        serverData.signaturesRequired = false;

* Support graceful termination in kube-dns ([#31894](https://github.com/kubernetes/kubernetes/pull/31894), [@MrHohn](https://github.com/MrHohn))
* When prompting for passwords, don't echo to the terminal ([#31586](https://github.com/kubernetes/kubernetes/pull/31586), [@brendandburns](https://github.com/brendandburns))

- The certificate signer no longer accepts ca.key passwords via the `CFSSL_CA_PK_PASSWORD` environment variable. This capability was not prompted by user request, never advertised, and recommended against in the security audit. ([#84677](https://github.com/kubernetes/kubernetes/pull/84677), [@mikedanese]...

    /**
     * Get the value for the key 'password.invalid.admin.passwords'. <br>
     * The value is, e.g. admin <br>
     * comment: List of invalid admin passwords.
     * @return The value of found property. (NotNull: if not found, exception but basically no way)
     */
    String getPasswordInvalidAdminPasswords();

    /**
     * Get the value for the key 'password.min.length'. <br>
     * The value is, e.g. 8 <br>

# Einfaches OAuth2 mit Password und Bearer { #simple-oauth2-with-password-and-bearer }

Lassen Sie uns nun auf dem vorherigen Kapitel aufbauen und die fehlenden Teile hinzufügen, um einen vollständigen Sicherheits-Flow zu erhalten.

## `username` und `password` entgegennehmen { #get-the-username-and-password }

Wir werden **FastAPIs** Sicherheits-Werkzeuge verwenden, um den `username` und das `password` entgegenzunehmen.

# Password ve Bearer ile Basit OAuth2 { #simple-oauth2-with-password-and-bearer }

Şimdi önceki bölümün üzerine inşa edip, eksik parçaları ekleyerek tam bir güvenlik akışı oluşturalım.

## `username` ve `password`’ü Alma { #get-the-username-and-password }

`username` ve `password`’ü almak için **FastAPI** security yardımcı araçlarını kullanacağız.

* 🚸 Set format to password for fields `password` and `client_secret` in `OAuth2PasswordRequestForm`, make docs show password fields for passwords. PR [#11032](https://github.com/fastapi/fastapi/pull/11032) by [@Thodoris1999](https://github.com/Thodoris1999).

        assertEquals("errors.password_no_lowercase", systemHelper.validatePassword("PASSWORD1!"));
        assertEquals("errors.password_no_digit", systemHelper.validatePassword("Password!"));
        assertEquals("errors.password_no_special_char", systemHelper.validatePassword("Password1"));
        assertEquals("", systemHelper.validatePassword("Password1!"));