{!../../docs_src/security/tutorial005.py!}
```

↩️ 👥 🔜 📣 📚 ↔, 👫 🔜 🎦 🆙 🛠️ 🩺 🕐❔ 👆 🕹-/✔.

& 👆 🔜 💪 🖊 ❔ ↔ 👆 💚 🤝 🔐: `me` & `items`.

👉 🎏 🛠️ ⚙️ 🕐❔ 👆 🤝 ✔ ⏪ 🚨 ⏮️ 👱📔, 🇺🇸🔍, 📂, ♒️:

<img src="/img/tutorial/security/image11.png">

## 🥙 🤝 ⏮️ ↔

🔜, 🔀 🤝 *➡ 🛠️* 📨 ↔ 📨.

👥 ⚙️ 🎏 `OAuth2PasswordRequestForm`. ⚫️ 🔌 🏠 `scopes` ⏮️ `list` `str`, ⏮️ 🔠 ↔ ⚫️ 📨 📨.

&amp; 👥 📨 ↔ 🍕 🥙 🤝.

@com_github_googlecloudplatform_google_cloud_cpp//google
@com_github_grpc_grpc//src/compiler
@platforms//os
@ruy//
@rules_python//
@stablehlo//stablehlo/experimental
EOF

  # grep patterns for targets which are allowed to be extra licenses
  cat > $BATS_TEST_TMPDIR/allowed_to_be_extra <<EOF
//third_party/mkl
//third_party/mkl_dnn
@absl_py//
@bazel_tools//src
@bazel_tools//platforms
@bazel_tools//tools/
@org_tensorflow//tensorflow

### Check it

Once you go to <a href="http://127.0.0.1:8000/redoc" class="external-link" target="_blank">http://127.0.0.1:8000/redoc</a> you will see that you are using your custom logo (in this example, **FastAPI**'s logo):

# runc is Apache 2.0: https://github.com/opencontainers/runc/blob/master/LICENSE
# but it contains BSD dep which our linter fails to understand: https://github.com/opencontainers/runc/blob/v0.1.1/Godeps/_workspace/src/github.com/golang/protobuf/LICENSE
- github.com/opencontainers/runc

# MIT: https://github.com/felixge/fgprof/blob/master/LICENSE.txt
- github.com/felixge/fgprof

# Apache 2.0
- github.com/google/pprof

// requires its type (e.g. "AddV2") to be set independently.
TF_AbstractOp* TF_NewAbstractOp(TF_ExecutionContext* ctx);
void TF_DeleteAbstractOp(TF_AbstractOp*);

// TODO(srbs): Add APIs for specifying attrs etc.
// `op_type` must outlive `op`.
void TF_AbstractOpSetOpType(TF_AbstractOp* op, const char* const op_type,
                            TF_Status* s);
// `op_name` must outlive `op`.

## Verifique os Documentos

Você pode ver os parâmetros de consulta nos documentos de IU em `/docs`:

<div class="screenshot">
<img src="/img/tutorial/query-param-models/image01.png">
</div>

## Restrinja Parâmetros de Consulta Extras

</div>

Então, vá para a interface `/docs`, você verá que o **FastAPI** está usando esses **modelos** para **documentar** a API, e ele também os usará para **serializar** e **validar** os dados.

<div class="screenshot">
<img src="/img/tutorial/sql-databases/image01.png">
</div>

## Atualizar o App com Múltiplos Modelos

Agora vamos **refatorar** este app um pouco para aumentar a **segurança** e **versatilidade**.

```Python hl_lines="62-65"
{!../../docs_src/security/tutorial005.py!}
```

因为声明了作用域，所以登录或授权时会在 API 文档中显示。

此处，选择给予访问权限的作用域： `me` 和 `items`。

这也是使用脸书、谷歌、GitHub 登录时的授权机制。

<img src="/img/tutorial/security/image11.png">

## JWT 令牌作用域

现在，修改令牌*路径操作*，返回请求的作用域。

此处仍然使用 `OAuth2PasswordRequestForm`。它包含类型为**字符串列表**的 `scopes` 属性，且`scopes` 属性中包含要在请求里接收的每个作用域。

这样，返回的 JWT 令牌中就包含了作用域。

build:libtensorflow_build -- //tensorflow/tools/lib_package:libtensorflow.tar.gz //tensorflow/tools/lib_package:libtensorflow_jni.tar.gz //tensorflow/java:libtensorflow.jar //tensorflow/java:libtensorflow-src.jar //tensorflow/tools/lib_package:libtensorflow_proto.zip

# For continuous builds
test:pycpp_filters --test_tag_filters=-no_oss,-oss_serial,-gpu,-tpu,-benchmark-test,-v1only,-no_aarch64,-no_oss_py38,-no_oss_py39,-no_oss_py310

.dev.js"===e.slice(-7)?h:"")],g):(f.type="text/javascript",f.onload=g,f.src=e+(".dev.js"===e.slice(-7)?h:""),f.onerror=function(){a.formUtils.warn("Unable to load form validation module "+e,!0),g()},f.onreadystatechange=function(){"complete"!==this.readyState&&"loaded"!==this.readyState||(g(),this.onload=null,this.onreadystatechange=null)},i.appendChild(f))}})};if(c)e(b,c);else{var f=function(){var c=!1;return a('script[src*="form-validator"]').each(function(){var a=this.src.split("form-validato...