From 2c09b634e9cedfad7da04a6d43fbc033ab3b4cf1 Mon Sep 17 00:00:00 2001
From: Kadir Can Ozden <101993364+bysiber@users.noreply.github.com>
Date: Fri, 20 Feb 2026 03:19:52 +0300
Subject: [PATCH] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20`client=5Fpassword`?=
 =?UTF-8?q?=20typo=20in=20OAuth2=20form=20docstrings?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 fastapi/security/oauth2.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fastapi/security/oauth2.py b/fastapi/security/oauth2.py
index 661043ce7b..4589c6783c 100644
--- a/fastapi/security/oauth2.py
+++ b/fastapi/security/oauth2.py
@@ -143,7 +143,7 @@ class OAuth2PasswordRequestForm:
             Form(json_schema_extra={"format": "password"}),
             Doc(
                 """
-                If there's a `client_password` (and a `client_id`), they can be sent
+                If there's a `client_secret` (and a `client_id`), they can be sent
                 as part of the form fields. But the OAuth2 specification recommends
                 sending the `client_id` and `client_secret` (if any) using HTTP Basic
                 auth.
@@ -309,7 +309,7 @@ class OAuth2PasswordRequestFormStrict(OAuth2PasswordRequestForm):
             Form(),
             Doc(
                 """
-                If there's a `client_password` (and a `client_id`), they can be sent
+                If there's a `client_secret` (and a `client_id`), they can be sent
                 as part of the form fields. But the OAuth2 specification recommends
                 sending the `client_id` and `client_secret` (if any) using HTTP Basic
                 auth.