If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.

Then, when you type that username and password, the browser sends them in the header automatically.

    /**
     * The username of the user.
     */
    @Required
    @Size(max = 100)
    public String name;

    /**
     * The password for the user.
     */
    @Size(max = 100)
    public String password;

    /**
     * The password confirmation field.
     */
    @Size(max = 100)
    public String confirmPassword;

    /**
     * The attributes map for the user.
     */

Resultaria em algo equivalente a:

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

Ou mais exatamente, usando `user_dict` diretamente, com qualquer conteúdo que ele possa ter no futuro:

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],
    full_name = user_dict["full_name"],
)

```Python
UserInDB(
    username="john",
    password="secret",
    email="******@****.***",
    full_name=None,
)
```

Или, если для большей точности мы напрямую используем `user_dict` с любым потенциальным содержимым, то этот пример будет выглядеть так:

```Python
UserInDB(
    username = user_dict["username"],
    password = user_dict["password"],
    email = user_dict["email"],

            throw new IllegalArgumentException("Password hash must be provided, expected length 16 byte");
        }
        this.ntHash = passwordHash;
    }

    /**
     * Create username/password credentials with specified domain
     *
     * @param domain the authentication domain
     * @param username the username
     * @param passwordHashHex
     *            NT password hash, hex encoded
     */

🍵 👈, 👥 🥇 🗜 `username` & `password` `bytes` 🔢 👫 ⏮️ 🔠-8️⃣.

⤴️ 👥 💪 ⚙️ `secrets.compare_digest()` 🚚 👈 `credentials.username` `"stanleyjobson"`, & 👈 `credentials.password` `"swordfish"`.

{* ../../docs_src/security/tutorial007.py hl[1,11:21] *}

👉 🔜 🎏:

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```

{* ../../docs_src/request_forms/tutorial001_an_py39.py hl[9] *}

Наприклад, один зі способів використання специфікації OAuth2 (так званий "password flow") вимагає надсилати `username` та `password` як поля форми.

<abbr title="Специфікація">spec</abbr> вимагає, щоб ці поля мали точні назви `username` і `password` та надсилалися у вигляді полів форми, а не JSON.

            } else {
                // plain text
                password = new byte[(session.auth.password.length() + 1) * 2];
                passwordLength = writeString(session.auth.password, password, 0);
            }
        } else {
            // no password in tree connect
            passwordLength = 1;
        }

        dst[dstIndex] = disconnectTid ? (byte) 0x01 : (byte) 0x00;

    }

    /**
     * Returns the time when the user's password was last changed.
     * @return the password last change timestamp
     */
    public Date getPwdLastChangeTime() {
        return this.pwdLastChangeTime;
    }

    /**
     * Returns the earliest time when the user can change their password.
     * @return the password can change timestamp
     */
    public Date getPwdCanChangeTime() {

        });

    }

    /**
     * Changes the password for a user identified by username.
     * Updates both the authentication manager and the database with the new encrypted password.
     *
     * @param username the username of the user
     * @param password the new password in plain text
     * @throws FessUserNotFoundException if the user is not found
     */