所有的驗證都由完善且強大的 **Pydantic** 處理。

### 安全性及身份驗證 { #security-and-authentication }

FastAPI 已經整合了安全性和身份驗證的功能，但不會強制與特定的資料庫或資料模型進行綁定。

OpenAPI 中定義的安全模式，包括：

* HTTP 基本認證。
* **OAuth2**（也使用 **JWT tokens**）。在 [OAuth2 with JWT](tutorial/security/oauth2-jwt.md) 查看教學。
* API 密鑰，在：
    * 標頭（Header）
    * 查詢參數
    * Cookies，等等。

加上來自 Starlette（包括 **session cookie**）的所有安全特性。

</p>

<h3 id="Tokens">Tokens</h3>

<p>
Tokens form the vocabulary of the Go language.
There are four classes: <i>identifiers</i>, <i>keywords</i>, <i>operators
and punctuation</i>, and <i>literals</i>.  <i>White space</i>, formed from
spaces (U+0020), horizontal tabs (U+0009),
carriage returns (U+000D), and newlines (U+000A),
is ignored except as it separates tokens

### VMware

- SAML token delegation (required for Zones support in vSphere) is now supported ([#78876](https://github.com/kubernetes/kubernetes/pull/78876), [@dougm](https://github.com/dougm))
- vSphere SAML token auth is now supported when using Zones ([#75515](https://github.com/kubernetes/kubernetes/pull/75515), [@dougm](https://github.com/dougm))

* <abbr title="Getting Things Done - S'organiser pour réussir">GTD</abbr>
* <abbr title="less than - inférieur à"><code>lt</code></abbr>
* <abbr title="XML Web Token - Jeton Web XML">XWT</abbr>
* <abbr title="Parallel Server Gateway Interface - Interface passerelle serveur parallèle">PSGI</abbr>

Это тот же механизм, когда вы даёте разрешения при входе через Facebook, Google, GitHub и т.д.:

<img src="/img/tutorial/security/image11.png">

## JWT-токены со scopes { #jwt-token-with-scopes }

Теперь измените операцию пути, выдающую токен, чтобы возвращать запрошенные scopes.

errors.failed_to_download_mapping_file = Failed to download a mapping file.
errors.failed_to_upload_mapping_file = Failed to upload a mapping file.
errors.invalid_kuromoji_token={0} is invalid as a token.
errors.invalid_kuromoji_segmentation=The number of segmentation for {0} and {1} is different.
errors.invalid_str_is_included = {1} is invalid for {0}.
errors.blank_password = Password is required.

errors.failed_to_download_mapping_file = Failed to download a mapping file.
errors.failed_to_upload_mapping_file = Failed to upload a mapping file.
errors.invalid_kuromoji_token={0} is invalid as a token.
errors.invalid_kuromoji_segmentation=The number of segmentation for {0} and {1} is different.
errors.invalid_str_is_included = {1} is invalid for {0}.
errors.blank_password = Password is required.

- If BoundServiceAccountTokenVolume is enabled, cluster admins can use metric `serviceaccount_stale_tokens_total` to monitor workloads that are depending on the extended tokens. If there are no such workloads, turn off extended tokens by starting `kube-apiserver` with flag `--service-account-extend-token-expiration=false` ([#96273](https://github.com/kubernetes/kubernetes/pull/96273), [@zshihang](https://github.com/zshihang)) [SIG API Machinery and Auth]

        }
    }

    /**
     * Attempts to obtain login credentials using SPNEGO authentication.
     *
     * This method processes the HTTP request to extract and validate SPNEGO
     * authentication tokens. It handles the SPNEGO handshake process and
     * extracts the user principal from successful authentication.
     *
     * @return The login credential containing the authenticated username,

 *
 * <p>A high-quality hash function strives for some subset of the following virtues:
 *
 * <ul>
 *   <li><b>collision-resistant:</b> while the definition above requires making at least <i>some</i>
 *       token attempt, one measure of the quality of a hash function is <i>how well</i> it succeeds
 *       at this goal. Important note: it may be easy to achieve the theoretical minimum collision