* `clientCredentials`
        * `authorizationCode`
    * Es gibt jedoch einen bestimmten „Flow“, der perfekt für die direkte Abwicklung der Authentifizierung in derselben Anwendung verwendet werden kann:
        * `password`: Einige der nächsten Kapitel werden Beispiele dafür behandeln.
* `openIdConnect`: bietet eine Möglichkeit, zu definieren, wie OAuth2-Authentifizierungsdaten automatisch ermittelt werden können.

            if (!lowerData.contains("password") && !lowerData.contains("secret") && !lowerData.contains("token")
                    && !lowerData.contains("key") && !lowerData.contains("credential") && !lowerData.contains("auth")) {
                return data; // No sensitive patterns detected, skip regex
            }
        }

        // Mask passwords and secrets using cached pattern

     */
    public String getPassword() {
        return password;
    }

    /**
     * Set the user's password which is used when connecting to the repository.
     *
     * @param password password of the user
     */
    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Get the username used to access the repository.
     *

                "msg": "String should match pattern '^password$'",
                "input": grant_type,
                "ctx": {"pattern": "^password$"},
            }
        ]
    }


def test_strict_login_correct_grant_type():
    response = client.post(
        "/login",
        data={"username": "johndoe", "password": "secret", "grant_type": "password"},
    )
    assert response.status_code == 200

                "msg": "String should match pattern '^password$'",
                "input": grant_type,
                "ctx": {"pattern": "^password$"},
            }
        ]
    }


def test_strict_login_correct_correct_grant_type():
    response = client.post(
        "/login",
        data={"username": "johndoe", "password": "secret", "grant_type": "password"},
    )

If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.

Then, when you type that username and password, the browser sends them in the header automatically.

     * from memory.
     *
     * @return the password as a char array
     */
    public char[] getPasswordAsCharArray() {
        checkNotClosed();
        return this.password != null && this.password.length > 0 ? this.password.clone() : this.password == null ? null : new char[0];
    }

    /**
     * Securely wipes the password from memory
     */

class OAuth2PasswordRequestForm:
    """
    This is a dependency class to collect the `username` and `password` as form data
    for an OAuth2 password flow.

    The OAuth2 specification dictates that for a password flow the data should be
    collected using form data (instead of JSON) and that it should have the specific
    fields `username` and `password`.

    All the initialization parameters are extracted from the request.

#                                                   Password
#                                                     ------

# List of invalid admin passwords.
password.invalid.admin.passwords=\
admin

# Minimum password length (0 to disable).
password.min.length=8

# Require uppercase letters in password.
password.require.uppercase=false

# Require lowercase letters in password.

        }
        return redirect(getClass());
    }

    /**
     * Handles password change for the current user.
     *
     * @param form the password form containing new password and confirmation
     * @return the HTML response after password change attempt
     */
    @Execute
    public HtmlResponse changePassword(final PasswordForm form) {