當我們登入自己的應用（可能也有自己的前端）時，這是合適的。

因為我們可以信任它接收 `username` 與 `password`，因為我們掌控它。

但如果你要打造一個讓他人連接的 OAuth2 應用（也就是你要建立一個相當於 Facebook、Google、GitHub 等的身分驗證提供者），你應該使用其他流程之一。

最常見的是 Implicit Flow（隱式流程）。

最安全的是 Authorization Code Flow（授權碼流程），但它需要更多步驟、實作也更複雜。因為較複雜，許多提供者最後會建議使用隱式流程。

/// note

很常見的是，每個身分驗證提供者會用不同的方式命名他們的流程，讓它成為品牌的一部分。

但最終，他們實作的都是相同的 OAuth2 標準。

///

        assertDoesNotThrow(() -> spiedConnection.getInputStream());
    }

    /**
     * Test a successful NTLM authentication handshake.
     * This is a simplified test that verifies the basic flow without full NTLM protocol simulation.
     * @throws IOException
     * @throws SecurityException
     */
    @Test
    void testSuccessfulHandshake() throws IOException, SecurityException {

    full_name = user_dict["full_name"],
    hashed_password = hashed_password,
)
```

/// warning

The supporting additional functions `fake_password_hasher` and `fake_save_user` are just to demo a possible flow of the data, but they of course are not providing any real security.

///

## Reduce duplication { #reduce-duplication }

Reducing code duplication is one of the core ideas in **FastAPI**.

        }
    }

    /**
     * Processes a streaming chat request using Server-Sent Events (SSE).
     * Uses the enhanced multi-phase RAG flow with intent detection and result evaluation.
     *
     * @param request the HTTP request
     * @param response the HTTP response
     * @throws IOException if an I/O error occurs
     */

            <option value="$PROJECT_DIR$/platforms/core-configuration/configuration-problems-base" />
            <option value="$PROJECT_DIR$/platforms/core-configuration/core-flow-services-api" />
            <option value="$PROJECT_DIR$/platforms/core-configuration/core-kotlin-extensions" />
            <option value="$PROJECT_DIR$/platforms/core-configuration/core-serialization-codecs" />

            ctx.verifyMIC(new byte[] { 5 }, mic);
            ctx.isMICAvailable();
            ctx.dispose();
        }

        @Test
        @DisplayName("Verifies calls and argument flow across methods")
        void testInteractions() throws Exception {
            // Arrange
            when(mockCtx.getSigningKey()).thenReturn(new byte[] { 7 });
            when(mockCtx.isEstablished()).thenReturn(true);

* Глубокое обучение
* Машинное обучение
* Внедрение зависимостей
* Аутентификация HTTP Basic
* HTTP Digest
* формат ISO
* стандарт JSON Schema
* JSON-схема
* определение схемы
* password flow
* Мобильный

* устаревший
* спроектированный
* некорректный
* на лету
* стандарт
* по умолчанию
* чувствительный к регистру
* нечувствительный к регистру

* отдавать приложение

## `username` ve `password`’ü Alma { #get-the-username-and-password }

`username` ve `password`’ü almak için **FastAPI** security yardımcı araçlarını kullanacağız.

OAuth2, (bizim kullandığımız) "password flow" kullanılırken client/kullanıcının form verisi olarak `username` ve `password` alanlarını göndermesi gerektiğini belirtir.

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;

/**
 * Microsoft Entra ID SSO authenticator implementation.
 * Handles OAuth2/OpenID Connect authentication flow with Entra ID.
 */
public class EntraIdAuthenticator implements SsoAuthenticator {

    private static final Logger logger = LogManager.getLogger(EntraIdAuthenticator.class);

    /**

## Version 3.14.3

_2019-09-10_

 *  Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this
    happened enough then eventually the connection would stall.

 *  Fix: Acknowledge and apply inbound HTTP/2 settings atomically. Previously we had a race where we
    could use new flow control capacity before acknowledging it, causing strict HTTP/2 servers to
    fail the call.