这就是通过用户提供的令牌使用第三方应用访问这些*路径操作*时会发生的情况，具体怎样取决于用户授予第三方应用的权限。

## 关于第三方集成

本例使用 OAuth2 **密码**流。

这种方式适用于登录我们自己的应用，最好使用我们自己的前端。

因为我们能控制自己的前端应用，可以信任它接收 `username` 与 `password`。

但如果构建的是连接其它应用的 OAuth2 应用，比如具有与脸书、谷歌、GitHub 相同功能的第三方身份验证应用。那您就应该使用其它安全流。

最常用的是隐式流。

最安全的是代码流，但实现起来更复杂，而且需要更多步骤。因为它更复杂，很多第三方身份验证应用最终建议使用隐式流。

/// note | 笔记

每个身份验证应用都会采用不同方式会命名流，以便融合入自己的品牌。

Primeiro, vamos ver como editores, mypy e outras ferramentas veriam isso.

`BaseUser` tem os campos base. Então `UserIn` herda de `BaseUser` e adiciona o campo `password`, então, ele incluirá todos os campos de ambos os modelos.

Anotamos o tipo de retorno da função como `BaseUser`, mas na verdade estamos retornando uma instância `UserIn`.

次のようなユーザーインターフェイスが表示されます：

<img src="/img/tutorial/security/image07.png">

前回と同じ方法でアプリケーションの認可を行います。

次の認証情報を使用します：

Username: `johndoe`
Password: `secret`

/// check | 確認

コードのどこにも平文のパスワード"`secret`"はなく、ハッシュ化されたものしかないことを確認してください。

///

<img src="/img/tutorial/security/image08.png">

エンドポイント`/users/me/`を呼び出すと、次のようなレスポンスが得られます：

ir","value":""},{"key":"queue_limit","value":"0"},{"key":"max_open_connections","value":"2"}]},"notify_redis":{"_":[{"key":"enable","value":"off"},{"key":"format","value":"namespace"},{"key":"address","value":""},{"key":"key","value":""},{"key":"password","value":""},{"key":"user","value":""},{"key":"queue_dir","value":""},{"key":"queue_limit","value":"0"}]},"notify_webhook":{"_":[{"key":"enable","value":"off"},{"key":"endpoint","value":""},{"key":"auth_token","value":""},{"key":"queue_limit","v...

		if err != nil {
			c.Fatalf("policy add error: %v", err)
		}
	}

	makeSTSClient := func(user, password string) *minio.Client {
		// Generate web identity JWT by interacting with OpenID IDP.
		token, err := MockOpenIDTestUserInteraction(ctx, clientApp, user, password)
		if err != nil {
			c.Fatalf("mock user err: %v", err)
		}

		// Generate STS credential.

in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.

  7. Additional Terms.

  "Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.

* ✨ Add `refreshUrl` parameter in `OAuth2PasswordBearer`. PR [#11460](https://github.com/fastapi/fastapi/pull/11460) by [@snosratiershad](https://github.com/snosratiershad).
* 🚸 Set format to password for fields `password` and `client_secret` in `OAuth2PasswordRequestForm`, make docs show password fields for passwords. PR [#11032](https://github.com/fastapi/fastapi/pull/11032) by [@Thodoris1999](https://github.com/Thodoris1999).

in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.

  7. Additional Terms.

  "Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.

integer size. func divRoundUp(x, y int) int { return int((int64(x) + int64(y) - 1) / int64(y)) } func Key[Hash fips140.Hash](h func() Hash, password string, salt []byte, iter, keyLength int) ([]byte, error) { setServiceIndicator(salt, keyLength) if keyLength <= 0 { return nil, errors.New("pkbdf2: keyLength must be larger than 0") } prf := hmac.New(h, []byte(password)) hmac.MarkAsUsedInKDF(prf) hashLen := prf.Size() numBlocks := divRoundUp(keyLength, hashLen) const maxBlocks = int64(1<<32 - 1) if keyLength+hashLen...

integer size. func divRoundUp(x, y int) int { return int((int64(x) + int64(y) - 1) / int64(y)) } func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyLength int) ([]byte, error) { setServiceIndicator(salt, keyLength) if keyLength <= 0 { return nil, errors.New("pkbdf2: keyLength must be larger than 0") } prf := hmac.New(h, []byte(password)) hmac.MarkAsUsedInKDF(prf) hashLen := prf.Size() numBlocks := divRoundUp(keyLength, hashLen) const maxBlocks = int64(1<<32 - 1) if keyLength+hashLen...