{* ../../docs_src/request_form_models/tutorial002_an_py39.py hl[12] *}

클라이언트가 추가 데이터를 보내려고 하면 **오류** 응답을 받게 됩니다.

예를 들어, 클라이언트가 폼 필드를 보내려고 하면:

* `username`: `Rick`
* `password`: `Portal Gun`
* `extra`: `Mr. Poopybutthole`

`extra` 필드가 허용되지 않는다는 오류 응답을 받게 됩니다:

```json
{
    "detail": [
        {
            "type": "extra_forbidden",
            "loc": ["body", "extra"],

			lookupRes, groupDistNames, err := globalIAMSys.LDAPConfig.Bind(username, password)
			if err != nil {
				return false, err
			}
			ldapPolicies, _ := globalIAMSys.PolicyDBGet(lookupRes.NormDN, groupDistNames...)
			return len(ldapPolicies) > 0, nil
		}
		return subtle.ConstantTimeCompare([]byte(sa.Credentials.SecretKey), []byte(password)) == 1, nil
	}

	ui, ok := globalIAMSys.GetUser(context.Background(), username)

		{"a b", "url", "a+b"},
		{"p- ", "url", "p-+"},
		{"p-%", "url", "p-%25"},
		{"p/", "url", "p/"},
		{"p/", "url", "p/"},
		{"~user", "url", "%7Euser"},
		{"*user", "url", "*user"},
		{"user+password", "url", "user%2Bpassword"},
		{"_user", "url", "_user"},
		{"firstname.lastname", "url", "firstname.lastname"},
	}
	for i, testCase := range testCases {
		t.Run(fmt.Sprintf("Test%d", i+1), func(t *testing.T) {

But first, let's check some small concepts.

## In a hurry? { #in-a-hurry }

If you don't care about any of these terms and you just need to add security with authentication based on username and password *right now*, skip to the next chapters.

## OAuth2 { #oauth2 }

OAuth2 is a specification that defines several ways to handle authentication and authorization.

## Über Integrationen von Drittanbietern

In diesem Beispiel verwenden wir den OAuth2-Flow „Password“.

Das ist angemessen, wenn wir uns bei unserer eigenen Anwendung anmelden, wahrscheinlich mit unserem eigenen Frontend.

Weil wir darauf vertrauen können, dass es den `username` und das `password` erhält, welche wir kontrollieren.

    private static final String LOGIN_URL = "login_url";

    private static final String LOGIN_PARAMETERS = "login_parameters";

    private static final String PASSWORD = "${password}";

    private static final String USERNAME = "${username}";

    private final Map<String, String> parameterMap;

    /**
     * Constructs a FormScheme with the given parameter map.

        tikaExtractor.addPassword(".*hoge1.pdf", "password");
        tikaExtractor.addPassword("fuga.pdf", "PASSWORD");

        url = null;
        resourceName = null;
        assertNull(tikaExtractor.getPassword(createParams(url, resourceName)));

        url = "http://test.com/hoge1.pdf";
        resourceName = null;
        assertEquals("password", tikaExtractor.getPassword(createParams(url, resourceName)));

		key := split[0]
		value := ""
		if len(split) > 1 {
			value = split[1]
		}

		// Do not send sensitive creds.
		if _, ok := sensitive[key]; ok || strings.Contains(strings.ToLower(key), "password") || strings.HasSuffix(strings.ToLower(key), "key") {
			props.MinioEnvVars[key] = "*** EXISTS, REDACTED ***"
			continue
		}
		props.MinioEnvVars[key] = value
	}

	objLayer := newObjectLayerFn()

)

func init() {
	flag.StringVar(&stsEndpoint, "sts-ep", "http://localhost:9000", "STS endpoint")
	flag.StringVar(&minioUsername, "u", "", "MinIO Username")
	flag.StringVar(&minioPassword, "p", "", "MinIO Password")
	flag.BoolVar(&displayCreds, "d", false, "Only show generated credentials")
	flag.DurationVar(&expiryDuration, "e", 0, "Request a duration of validity for the generated credential")

::: fastapi.security.HTTPBasicCredentials

## OAuth2 Authentication

::: fastapi.security.OAuth2

::: fastapi.security.OAuth2AuthorizationCodeBearer

::: fastapi.security.OAuth2PasswordBearer

## OAuth2 Password Form

::: fastapi.security.OAuth2PasswordRequestForm

::: fastapi.security.OAuth2PasswordRequestFormStrict

## OAuth2 Security Scopes in Dependencies

::: fastapi.security.SecurityScopes