- 匯入 `HTTPBasic` 與 `HTTPBasicCredentials`。
- 使用 `HTTPBasic` 建立一個「`security` scheme」。
- 在你的*路徑操作*中以依賴的方式使用該 `security`。
- 它會回傳一個 `HTTPBasicCredentials` 型別的物件：
    - 其中包含傳來的 `username` 與 `password`。

{* ../../docs_src/security/tutorial006_an_py310.py hl[4,8,12] *}

當你第一次嘗試開啟該 URL（或在文件中點擊 "Execute" 按鈕）時，瀏覽器會要求輸入你的使用者名稱與密碼：

<img src="/img/tutorial/security/image12.png">

## 檢查使用者名稱 { #check-the-username }

以下是一個更完整的範例。

from fastapi import Depends, FastAPI, Security
from fastapi.security import APIKeyHeader
from fastapi.testclient import TestClient
from inline_snapshot import snapshot
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyHeader(name="key", auto_error=False)


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str | None = Security(api_key)):
    if oauth_header is None:
        return None

the identity of the caller is validated by using a JWT access token from the identity provider. The temporary security credentials returned by this API consists of an access key, a secret key, and a security token. Applications can use these temporary security credentials to sign calls to MinIO API operations.

By default, the temporary security credentials created by AssumeRoleWithClientGrants last for one hour. However, use the optional DurationSeconds parameter to specify the duration of the...

    }

    @Test
    void testGetSecurityWithValidSecurityDescriptor() throws Exception {
        // Setup mock ShareInfo502 with a minimal valid security descriptor
        srvsvc.ShareInfo502 info502 = new srvsvc.ShareInfo502();
        // Create a minimal valid security descriptor binary
        // Format: revision(1) + sbz1(1) + control(2) + ownerOffset(4) + groupOffset(4) + saclOffset(4) + daclOffset(4) = 20 bytes minimum

        assertTrue(true);
    }

    @Test
    public void test_securitySettings_allowBasic() throws Exception {
        // Test that ALLOW_BASIC security setting can be accessed
        // This verifies the security warnings are properly documented in code
        SpnegoAuthenticator authenticator = new SpnegoAuthenticator();
        assertNotNull(authenticator);

{* ../../docs_src/security/tutorial002_an_py310.py hl[25] *}

## 获取用户 { #get-the-user }

`get_current_user` 使用创建的（伪）工具函数，该函数接收 `str` 类型的令牌，并返回 Pydantic 的 `User` 模型：

{* ../../docs_src/security/tutorial002_an_py310.py hl[19:22,26:27] *}

## 注入当前用户 { #inject-the-current-user }

在*路径操作* 的 `Depends` 中使用 `get_current_user`：

{* ../../docs_src/security/tutorial002_an_py310.py hl[31] *}

        assertNull(response.getSecurityDescriptor());
    }

    @Test
    @DisplayName("Test readDataWireFormat with valid security descriptor")
    void testReadDataWireFormatWithValidSecurityDescriptor() throws Exception {
        // Create a minimal valid security descriptor buffer
        byte[] buffer = createValidSecurityDescriptorBuffer();

        // Set error code to 0
        setErrorCode(response, 0);

from fastapi import Depends, FastAPI, Security
from fastapi.security import APIKeyCookie
from fastapi.testclient import TestClient
from inline_snapshot import snapshot
from pydantic import BaseModel

app = FastAPI()

api_key = APIKeyCookie(name="key")


class User(BaseModel):
    username: str


def get_current_user(oauth_header: str = Security(api_key)):
    user = User(username=oauth_header)
    return user

from fastapi.security import OAuth2AuthorizationCodeBearer
from fastapi.testclient import TestClient
from inline_snapshot import snapshot

app = FastAPI()

oauth2_scheme = OAuth2AuthorizationCodeBearer(
    authorizationUrl="authorize",
    tokenUrl="token",
    description="OAuth2 Code Bearer",
    auto_error=True,
)


@app.get("/items/")
async def read_items(token: str | None = Security(oauth2_scheme)):

from fastapi import FastAPI, Security
from fastapi.security import OAuth2PasswordBearer
from fastapi.testclient import TestClient
from inline_snapshot import snapshot

app = FastAPI()

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token", auto_error=False)


@app.get("/items/")
async def read_items(token: str | None = Security(oauth2_scheme)):
    if token is None:
        return {"msg": "Create an account first"}
    return {"token": token}