class User(BaseModel):
        username: str
        role: PlatformRole | OtherRole

    @app.get("/users")
    async def get_user() -> User:
        return {"username": "alice", "role": "admin"}

    client = TestClient(app)
    return client


@needs_py310
def test_get(client: TestClient):
    response = client.get("/users")
    assert response.json() == {"username": "alice", "role": "admin"}

    public void update(final User user) {
        final String username = user.getName();
        final String password = user.getOriginalPassword();
        changePassword(username, password);
    }

    @Override
    public void delete(final User user) {
        final String username = user.getName();
        if (isTargetUser(username)) {
            executeCommand(deleteCommand, username, StringUtil.EMPTY);
        }
    }

    response = client.post(
        "/form/",
        data={
            "username": "Rick",
            "lastname": "Sanchez",
            "age": "70",
            "tags": ["plumbus", "citadel"],
            "with": "something",
        },
    )
    assert response.status_code == 200, response.text
    assert response.json() == {
        "username": "Rick",
        "lastname": "Sanchez",
        "age": 70,

from fastapi import FastAPI, Form
from fastapi.testclient import TestClient

app = FastAPI()


@app.post("/form/")
def post_form(username: Annotated[str, Form()]):
    return username


client = TestClient(app)


def test_single_form_field():
    response = client.post("/form/", data={"username": "Rick"})
    assert response.status_code == 200, response.text
    assert response.json() == "Rick"

    }

    /**
     * Get the username used to access the repository.
     *
     * @return username at repository
     */
    public String getUsername() {
        return username;
    }

    /**
     * Set username used to access the repository.
     *
     * @param userName the username used to access repository
     */
    public void setUsername(final String userName) {
        this.username = userName;
    }

                final String username = account.username();
                if (logger.isDebugEnabled()) {
                    logger.debug("homeAccountId={}, username={}", homeAccountId, username);
                }
                permissionSet.add(systemHelper.getSearchRoleByUser(homeAccountId));
                permissionSet.add(systemHelper.getSearchRoleByUser(username));

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


class User(BaseModel):
    username: str
    email: str | None = None
    full_name: str | None = None
    disabled: bool | None = None


class UserInDB(User):
    hashed_password: str


def get_user(db, username: str):
    if username in db:
        user_dict = db[username]
        return UserInDB(**user_dict)


def fake_decode_token(token):

    * It contains the `username` and `password` sent.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}

When you try to open the URL for the first time (or click the "Execute" button in the docs) the browser will ask you for your username and password:

<img src="/img/tutorial/security/image12.png">

## Check the username { #check-the-username }

Here's a more complete example.

## `username` und `password` entgegennehmen { #get-the-username-and-password }

Wir werden **FastAPIs** Sicherheits-Werkzeuge verwenden, um den `username` und das `password` entgegenzunehmen.

OAuth2 spezifiziert, dass der Client/Benutzer bei Verwendung des „Password Flow“ (den wir verwenden) die Felder `username` und `password` als Formulardaten senden muss.

## Get the `username` and `password` { #get-the-username-and-password }

We are going to use **FastAPI** security utilities to get the `username` and `password`.

OAuth2 specifies that when using the "password flow" (that we are using) the client/user must send a `username` and `password` fields as form data.