# Simples OAuth2 com senha e Bearer { #simple-oauth2-with-password-and-bearer }

Agora vamos construir a partir do capítulo anterior e adicionar as partes que faltam para ter um fluxo de segurança completo.

## Obtenha o `username` e a `password` { #get-the-username-and-password }

É utilizado o utils de segurança da **FastAPI** para obter o `username` e a `password`.

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}


@app.get("/users/me")

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}


@app.get("/users/me")

def get_mod(request: pytest.FixtureRequest):
    mod = importlib.import_module(f"docs_src.security.{request.param}")

    return mod


def get_access_token(*, username="johndoe", password="secret", client: TestClient):
    data = {"username": username, "password": password}
    response = client.post("/token", data=data)
    content = response.json()
    access_token = content.get("access_token")
    return access_token

    return password_hash.verify(plain_password, hashed_password)


def get_password_hash(password):
    return password_hash.hash(password)


def get_user(db, username: str):
    if username in db:
        user_dict = db[username]
        return UserInDB(**user_dict)


def authenticate_user(fake_db, username: str, password: str):
    user = get_user(fake_db, username)
    if not user:
        return False

                    throw new RuntimeException("Plain text passwords are disabled");
                } else if (useUnicode) {
                    // plain text
                    final String password = auth.getPassword();
                    lmHash = new byte[0];
                    ntHash = new byte[(password.length() + 1) * 2];
                    writeString(password, ntHash, 0);
                } else {
                    // plain text

    }

    /** The username. */
    @NotBlank
    public String username;

    /** The password. */
    @NotBlank
    public String password;

    /** The confirm password. */
    public String confirmPassword;

    /**
     * Clears the security info.
     */
    public void clearSecurityInfo() {
        password = null;
        confirmPassword = null;
    }

Теперь, отталкиваясь от предыдущей главы, добавим недостающие части, чтобы получить полный поток безопасности.

## Получение `username` и `password` { #get-the-username-and-password }

Для получения `username` и `password` мы будем использовать утилиты безопасности **FastAPI**.

    }

    /**
     * Changes the password for a user across all authentication chains.
     * @param username The username for which to change the password.
     * @param password The new password.
     * @return True if the password was successfully changed in all chains, false otherwise.
     */
    public boolean changePassword(final String username, final String password) {

It can be used by third party applications and systems.

And it can also be used by yourself, to debug, check and test the same application.

## The `password` flow { #the-password-flow }

Now let's go back a bit and understand what is all that.

The `password` "flow" is one of the ways ("flows") defined in OAuth2, to handle security and authentication.