///

## Sobre "Campos de formulario" { #about-form-fields }

La manera en que los formularios HTML (`<form></form>`) envían los datos al servidor normalmente usa una codificación "especial" para esos datos, es diferente de JSON.

**FastAPI** se encargará de leer esos datos del lugar correcto en lugar de JSON.

/// note | Detalles técnicos

///

## About "Form Fields" { #about-form-fields }

The way HTML forms (`<form></form>`) sends the data to the server normally uses a "special" encoding for that data, it's different from JSON.

**FastAPI** will make sure to read that data from the right place instead of JSON.

/// note | Technical Details

Aber konzentrieren wir uns zunächst auf die spezifischen Details, die wir benötigen.

///

{* ../../docs_src/security/tutorial003_an_py310.py hl[87] *}

/// tip | Tipp

Gemäß der Spezifikation sollten Sie ein JSON mit einem `access_token` und einem `token_type` zurückgeben, genau wie in diesem Beispiel.

/// tip

In the next chapter, you will see a real secure implementation, with password hashing and <abbr title="JSON Web Tokens">JWT</abbr> tokens.

But for now, let's focus on the specific details we need.

///

{* ../../docs_src/security/tutorial003_an_py310.py hl[87] *}

/// tip

By the spec, you should return a JSON with an `access_token` and a `token_type`, the same as in this example.

Pero por ahora, enfoquémonos en los detalles específicos que necesitamos.

///

{* ../../docs_src/security/tutorial003_an_py310.py hl[87] *}

/// tip | Consejo

De acuerdo con la especificación, deberías devolver un JSON con un `access_token` y un `token_type`, igual que en este ejemplo.

// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package cmd

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"encoding/xml"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"

	jsoniter "github.com/json-iterator/go"
	"github.com/klauspost/compress/zip"
	"github.com/minio/kms-go/kes"
	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio-go/v7/pkg/tags"

// Identity represents access key who caused the event.
type Identity struct {
	Type        string `json:"type"`
	PrincipalID string `json:"principalId"`
	AccessKeyID string `json:"accessKeyId"`
}

// UserRequest user request headers
type UserRequest struct {
	URL     string      `json:"url"`
	Headers http.Header `json:"headers"`
}

// GetObjectContext provides the necessary details to perform

		// U+2029 is PARAGRAPH SEPARATOR.
		// They are both technically valid characters in JSON strings,
		// but don't work in JSONP, which has to be evaluated as JavaScript,
		// and can lead to security holes there. It is valid JSON to
		// escape them, so we do so unconditionally.
		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
		if c == '\u2028' || c == '\u2029' {
			if start < i {

    response = client.get(path)
    assert response.status_code == 200
    assert response.json() == expected_json


def test_openapi_schema(client: TestClient):
    response = client.get("/openapi.json")
    assert response.status_code == 200
    assert response.json() == {
        "openapi": "3.1.0",
        "info": {"title": "FastAPI", "version": "0.1.0"},
        "paths": {

    response = client.get(path)
    assert response.status_code == 200
    assert response.json() == expected_json


def test_openapi_schema(client: TestClient):
    response = client.get("/openapi.json")
    assert response.status_code == 200
    assert response.json() == {
        "openapi": "3.1.0",
        "info": {"title": "FastAPI", "version": "0.1.0"},
        "paths": {