From fa3588c38c7473aca7536b12d686102de4b0f407 Mon Sep 17 00:00:00 2001
From: Kadir Can Ozden <101993364+bysiber@users.noreply.github.com>
Date: Tue, 24 Mar 2026 19:32:10 +0300
Subject: [PATCH] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20typo=20for=20`client?=
 =?UTF-8?q?=5Fsecret`=20in=20OAuth2=20form=20docstrings=20(#14946)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 fastapi/security/oauth2.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fastapi/security/oauth2.py b/fastapi/security/oauth2.py
index 42674b476..3fd9e41eb 100644
--- a/fastapi/security/oauth2.py
+++ b/fastapi/security/oauth2.py
@@ -143,7 +143,7 @@ class OAuth2PasswordRequestForm:
             Form(json_schema_extra={"format": "password"}),
             Doc(
                 """
-                If there's a `client_password` (and a `client_id`), they can be sent
+                If there's a `client_secret` (and a `client_id`), they can be sent
                 as part of the form fields. But the OAuth2 specification recommends
                 sending the `client_id` and `client_secret` (if any) using HTTP Basic
                 auth.
@@ -309,7 +309,7 @@ class OAuth2PasswordRequestFormStrict(OAuth2PasswordRequestForm):
             Form(),
             Doc(
                 """
-                If there's a `client_password` (and a `client_id`), they can be sent
+                If there's a `client_secret` (and a `client_id`), they can be sent
                 as part of the form fields. But the OAuth2 specification recommends
                 sending the `client_id` and `client_secret` (if any) using HTTP Basic
                 auth.