this.host = host;
    }

    /**
     * Get user's password used to log in to proxy server.
     *
     * @return user's password at proxy host
     */
    public String getPassword() {
        return password;
    }

    /**
     * Set the user's password for the proxy server.
     *
     * @param password password to use to log in to a proxy server
     */

                    "title": "Body_login_login__post",
                    "required": ["username", "password"],
                    "type": "object",
                    "properties": {
                        "username": {"title": "Username", "type": "string"},
                        "password": {"title": "Password", "type": "string"},
                    },
                },
                "ValidationError": {

     * @param targetName
     *            SPN of the target system, optional
     * @param passwordHash
     *            The NT password hash, takes precedence over password (which is no longer required unless legacy LM
     *            authentication is needed)
     * @param password
     *            The password to use when constructing the response.
     * @param domain
     *            The domain in which the user has an account.

    mod = importlib.import_module(f"docs_src.security.{request.param}")

    return mod


def get_access_token(
    *, username="johndoe", password="secret", scope=None, client: TestClient
):
    data = {"username": username, "password": password}
    if scope:
        data["scope"] = scope
    response = client.post("/token", data=data)
    content = response.json()
    access_token = content.get("access_token")

# Simple OAuth2 with Password and Bearer { #simple-oauth2-with-password-and-bearer }

Now let's build from the previous chapter and add the missing parts to have a complete security flow.

## Get the `username` and `password` { #get-the-username-and-password }

We are going to use **FastAPI** security utilities to get the `username` and `password`.

    }

    /**
     * Returns the password.
     * @return The password.
     */
    public String getPassword() {
        return password;
    }

    /**
     * Sets the password.
     * @param password The password.
     */
    public void setPassword(final String password) {
        this.password = password;
    }

    /**
     * Returns the domain.

     * @param password the password to authenticate with
     */
    public NtlmPasswordAuthentication(final CIFSContext tc, final String domain, final String username, final String password) {
        super(domain != null ? domain : tc.getConfig().getDefaultDomain(),
                username != null ? username : tc.getConfig().getDefaultUsername() != null ? tc.getConfig().getDefaultUsername() : "GUEST",

            server = server.clone();

            String password = server.getPassword();
            if (securityDispatcher.isAnyEncryptedString(password)) {
                try {
                    if (securityDispatcher.isLegacyEncryptedString(password)) {
                        problems.add(new DefaultSettingsProblem(
                                "Pre-Maven 4 legacy encrypted password detected for server " + server.getId()

class OAuth2PasswordRequestForm:
    """
    This is a dependency class to collect the `username` and `password` as form data
    for an OAuth2 password flow.

    The OAuth2 specification dictates that for a password flow the data should be
    collected using form data (instead of JSON) and that it should have the specific
    fields `username` and `password`.

    All the initialization parameters are extracted from the request.

     */
    void delete(User user);

    /**
     * Changes the password for the specified user.
     * @param username The username for which to change the password.
     * @param password The new password.
     * @return True if the password was successfully changed, false otherwise.
     */
    boolean changePassword(String username, String password);

    /**
     * Loads user information from the authentication chain.