happyz
/
fastapi
mirror of https://github.com/tiangolo/fastapi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

📝 Update includes in `docs/en/docs/advanced/security/oauth2-scopes.md` (#12572)

This commit is contained in:
Krishna Madhavan 2024-10-29 16:32:16 +05:30 committed by GitHub
parent c8f5755d0a
commit 268eac9e16
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 520 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

528
docs/en/docs/advanced/security/oauth2-scopes.md
View File

@ -62,71 +62,7 @@ For OAuth2 they are just strings.
First, let's quickly see the parts that change from the examples in the main **Tutorial - User Guide** for [OAuth2 with Password (and hashing), Bearer with JWT tokens](../../tutorial/security/oauth2-jwt.md){.internal-link target=_blank}. Now using OAuth2 scopes: First, let's quickly see the parts that change from the examples in the main **Tutorial - User Guide** for [OAuth2 with Password (and hashing), Bearer with JWT tokens](../../tutorial/security/oauth2-jwt.md){.internal-link target=_blank}. Now using OAuth2 scopes:
//// tab | Python 3.10+ {* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:125,129:135,140,156] *}
```Python hl_lines="5 9 13 47 65 106 108-116 122-125 129-135 140 156"
{!> ../../docs_src/security/tutorial005_an_py310.py!}
```
////
//// tab | Python 3.9+
```Python hl_lines="2 5 9 13 47 65 106 108-116 122-125 129-135 140 156"
{!> ../../docs_src/security/tutorial005_an_py39.py!}
```
////
//// tab | Python 3.8+
```Python hl_lines="2 5 9 13 48 66 107 109-117 123-126 130-136 141 157"
{!> ../../docs_src/security/tutorial005_an.py!}
```
////
//// tab | Python 3.10+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="4 8 12 46 64 105 107-115 121-124 128-134 139 155"
{!> ../../docs_src/security/tutorial005_py310.py!}
```
////
//// tab | Python 3.9+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="2 5 9 13 47 65 106 108-116 122-125 129-135 140 156"
{!> ../../docs_src/security/tutorial005_py39.py!}
```
////
//// tab | Python 3.8+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="2 5 9 13 47 65 106 108-116 122-125 129-135 140 156"
{!> ../../docs_src/security/tutorial005.py!}
```
////
Now let's review those changes step by step. Now let's review those changes step by step.
@ -136,71 +72,7 @@ The first change is that now we are declaring the OAuth2 security scheme with tw
The `scopes` parameter receives a `dict` with each scope as a key and the description as the value: The `scopes` parameter receives a `dict` with each scope as a key and the description as the value:
//// tab | Python 3.10+ {* ../../docs_src/security/tutorial005_an_py310.py hl[63:66] *}
```Python hl_lines="63-66"
{!> ../../docs_src/security/tutorial005_an_py310.py!}
```
////
//// tab | Python 3.9+
```Python hl_lines="63-66"
{!> ../../docs_src/security/tutorial005_an_py39.py!}
```
////
//// tab | Python 3.8+
```Python hl_lines="64-67"
{!> ../../docs_src/security/tutorial005_an.py!}
```
////
//// tab | Python 3.10+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="62-65"
{!> ../../docs_src/security/tutorial005_py310.py!}
```
////
//// tab | Python 3.9+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="63-66"
{!> ../../docs_src/security/tutorial005_py39.py!}
```
////
//// tab | Python 3.8+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="63-66"
{!> ../../docs_src/security/tutorial005.py!}
```
////
Because we are now declaring those scopes, they will show up in the API docs when you log-in/authorize. Because we are now declaring those scopes, they will show up in the API docs when you log-in/authorize.
@ -226,71 +98,7 @@ But in your application, for security, you should make sure you only add the sco
/// ///
//// tab | Python 3.10+ {* ../../docs_src/security/tutorial005_an_py310.py hl[156] *}
```Python hl_lines="156"
{!> ../../docs_src/security/tutorial005_an_py310.py!}
```
////
//// tab | Python 3.9+
```Python hl_lines="156"
{!> ../../docs_src/security/tutorial005_an_py39.py!}
```
////
//// tab | Python 3.8+
```Python hl_lines="157"
{!> ../../docs_src/security/tutorial005_an.py!}
```
////
//// tab | Python 3.10+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="155"
{!> ../../docs_src/security/tutorial005_py310.py!}
```
////
//// tab | Python 3.9+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="156"
{!> ../../docs_src/security/tutorial005_py39.py!}
```
////
//// tab | Python 3.8+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="156"
{!> ../../docs_src/security/tutorial005.py!}
```
////
## Declare scopes in *path operations* and dependencies ## Declare scopes in *path operations* and dependencies
@ -316,71 +124,7 @@ We are doing it here to demonstrate how **FastAPI** handles scopes declared at d
/// ///
//// tab | Python 3.10+ {* ../../docs_src/security/tutorial005_an_py310.py hl[5,140,171] *}
```Python hl_lines="5 140 171"
{!> ../../docs_src/security/tutorial005_an_py310.py!}
```
////
//// tab | Python 3.9+
```Python hl_lines="5 140 171"
{!> ../../docs_src/security/tutorial005_an_py39.py!}
```
////
//// tab | Python 3.8+
```Python hl_lines="5 141 172"
{!> ../../docs_src/security/tutorial005_an.py!}
```
////
//// tab | Python 3.10+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="4 139 168"
{!> ../../docs_src/security/tutorial005_py310.py!}
```
////
//// tab | Python 3.9+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="5 140 169"
{!> ../../docs_src/security/tutorial005_py39.py!}
```
////
//// tab | Python 3.8+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="5 140 169"
{!> ../../docs_src/security/tutorial005.py!}
```
////
/// info | "Technical Details" /// info | "Technical Details"
@ -406,71 +150,7 @@ We also declare a special parameter of type `SecurityScopes`, imported from `fas
This `SecurityScopes` class is similar to `Request` (`Request` was used to get the request object directly). This `SecurityScopes` class is similar to `Request` (`Request` was used to get the request object directly).
//// tab | Python 3.10+ {* ../../docs_src/security/tutorial005_an_py310.py hl[9,106] *}
```Python hl_lines="9 106"
{!> ../../docs_src/security/tutorial005_an_py310.py!}
```
////
//// tab | Python 3.9+
```Python hl_lines="9 106"
{!> ../../docs_src/security/tutorial005_an_py39.py!}
```
////
//// tab | Python 3.8+
```Python hl_lines="9 107"
{!> ../../docs_src/security/tutorial005_an.py!}
```
////
//// tab | Python 3.10+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="8 105"
{!> ../../docs_src/security/tutorial005_py310.py!}
```
////
//// tab | Python 3.9+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="9 106"
{!> ../../docs_src/security/tutorial005_py39.py!}
```
////
//// tab | Python 3.8+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="9 106"
{!> ../../docs_src/security/tutorial005.py!}
```
////
## Use the `scopes` ## Use the `scopes`
@ -484,71 +164,7 @@ We create an `HTTPException` that we can reuse (`raise`) later at several points
In this exception, we include the scopes required (if any) as a string separated by spaces (using `scope_str`). We put that string containing the scopes in the `WWW-Authenticate` header (this is part of the spec). In this exception, we include the scopes required (if any) as a string separated by spaces (using `scope_str`). We put that string containing the scopes in the `WWW-Authenticate` header (this is part of the spec).
//// tab | Python 3.10+ {* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}
```Python hl_lines="106 108-116"
{!> ../../docs_src/security/tutorial005_an_py310.py!}
```
////
//// tab | Python 3.9+
```Python hl_lines="106 108-116"
{!> ../../docs_src/security/tutorial005_an_py39.py!}
```
////
//// tab | Python 3.8+
```Python hl_lines="107 109-117"
{!> ../../docs_src/security/tutorial005_an.py!}
```
////
//// tab | Python 3.10+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="105 107-115"
{!> ../../docs_src/security/tutorial005_py310.py!}
```
////
//// tab | Python 3.9+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="106 108-116"
{!> ../../docs_src/security/tutorial005_py39.py!}
```
////
//// tab | Python 3.8+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="106 108-116"
{!> ../../docs_src/security/tutorial005.py!}
```
////
## Verify the `username` and data shape ## Verify the `username` and data shape
@ -564,71 +180,7 @@ Instead of, for example, a `dict`, or something else, as it could break the appl
We also verify that we have a user with that username, and if not, we raise that same exception we created before. We also verify that we have a user with that username, and if not, we raise that same exception we created before.
//// tab | Python 3.10+ {* ../../docs_src/security/tutorial005_an_py310.py hl[47,117:128] *}
```Python hl_lines="47 117-128"
{!> ../../docs_src/security/tutorial005_an_py310.py!}
```
////
//// tab | Python 3.9+
```Python hl_lines="47 117-128"
{!> ../../docs_src/security/tutorial005_an_py39.py!}
```
////
//// tab | Python 3.8+
```Python hl_lines="48 118-129"
{!> ../../docs_src/security/tutorial005_an.py!}
```
////
//// tab | Python 3.10+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="46 116-127"
{!> ../../docs_src/security/tutorial005_py310.py!}
```
////
//// tab | Python 3.9+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="47 117-128"
{!> ../../docs_src/security/tutorial005_py39.py!}
```
////
//// tab | Python 3.8+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="47 117-128"
{!> ../../docs_src/security/tutorial005.py!}
```
////
## Verify the `scopes` ## Verify the `scopes`
@ -636,71 +188,7 @@ We now verify that all the scopes required, by this dependency and all the depen
For this, we use `security_scopes.scopes`, that contains a `list` with all these scopes as `str`. For this, we use `security_scopes.scopes`, that contains a `list` with all these scopes as `str`.
//// tab | Python 3.10+ {* ../../docs_src/security/tutorial005_an_py310.py hl[129:135] *}
```Python hl_lines="129-135"
{!> ../../docs_src/security/tutorial005_an_py310.py!}
```
////
//// tab | Python 3.9+
```Python hl_lines="129-135"
{!> ../../docs_src/security/tutorial005_an_py39.py!}
```
////
//// tab | Python 3.8+
```Python hl_lines="130-136"
{!> ../../docs_src/security/tutorial005_an.py!}
```
////
//// tab | Python 3.10+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="128-134"
{!> ../../docs_src/security/tutorial005_py310.py!}
```
////
//// tab | Python 3.9+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="129-135"
{!> ../../docs_src/security/tutorial005_py39.py!}
```
////
//// tab | Python 3.8+ non-Annotated
/// tip
Prefer to use the `Annotated` version if possible.
///
```Python hl_lines="129-135"
{!> ../../docs_src/security/tutorial005.py!}
```
////
## Dependency tree and scopes ## Dependency tree and scopes