11 KiB
Oauth2️⃣ ↔
👆 💪 ⚙️ Oauth2️⃣ ↔ 🔗 ⏮️ FastAPI, 👫 🛠️ 👷 💎.
👉 🔜 ✔ 👆 ✔️ 🌖 👌-🧽 ✔ ⚙️, 📄 Oauth2️⃣ 🐩, 🛠️ 🔘 👆 🗄 🈸 (& 🛠️ 🩺).
Oauth2️⃣ ⏮️ ↔ 🛠️ ⚙️ 📚 🦏 🤝 🐕🦺, 💖 👱📔, 🇺🇸🔍, 📂, 🤸♂, 👱📔, ♒️. 👫 ⚙️ ⚫️ 🚚 🎯 ✔ 👩💻 & 🈸.
🔠 🕰 👆 "🕹 ⏮️" 👱📔, 🇺🇸🔍, 📂, 🤸♂, 👱📔, 👈 🈸 ⚙️ Oauth2️⃣ ⏮️ ↔.
👉 📄 👆 🔜 👀 ❔ 🛠️ 🤝 & ✔ ⏮️ 🎏 Oauth2️⃣ ⏮️ ↔ 👆 FastAPI 🈸.
/// warning
👉 🌅 ⚖️ 🌘 🏧 📄. 🚥 👆 ▶️, 👆 💪 🚶 ⚫️.
👆 🚫 🎯 💪 Oauth2️⃣ ↔, & 👆 💪 🍵 🤝 & ✔ 👐 👆 💚.
✋️ Oauth2️⃣ ⏮️ ↔ 💪 🎆 🛠️ 🔘 👆 🛠️ (⏮️ 🗄) & 👆 🛠️ 🩺.
👐, 👆 🛠️ 📚 ↔, ⚖️ 🙆 🎏 💂♂/✔ 📄, 👐 👆 💪, 👆 📟.
📚 💼, Oauth2️⃣ ⏮️ ↔ 💪 👹.
✋️ 🚥 👆 💭 👆 💪 ⚫️, ⚖️ 👆 😟, 🚧 👂.
///
Oauth2️⃣ ↔ & 🗄
Oauth2️⃣ 🔧 🔬 "↔" 📇 🎻 🎏 🚀.
🎚 🔠 👉 🎻 💪 ✔️ 🙆 📁, ✋️ 🔜 🚫 🔌 🚀.
👫 ↔ 🎨 "✔".
🗄 (✅ 🛠️ 🩺), 👆 💪 🔬 "💂♂ ⚖".
🕐❔ 1️⃣ 👫 💂♂ ⚖ ⚙️ Oauth2️⃣, 👆 💪 📣 & ⚙️ ↔.
🔠 "↔" 🎻 (🍵 🚀).
👫 🛎 ⚙️ 📣 🎯 💂♂ ✔, 🖼:
users:read⚖️users:write⚠ 🖼.instagram_basic⚙️ 👱📔 / 👱📔.https://www.googleapis.com/auth/drive⚙️ 🇺🇸🔍.
/// info
Oauth2️⃣ "↔" 🎻 👈 📣 🎯 ✔ ✔.
⚫️ 🚫 🤔 🚥 ⚫️ ✔️ 🎏 🦹 💖 : ⚖️ 🚥 ⚫️ 📛.
👈 ℹ 🛠️ 🎯.
Oauth2️⃣ 👫 🎻.
///
🌐 🎑
🥇, ➡️ 🔜 👀 🍕 👈 🔀 ⚪️➡️ 🖼 👑 🔰 - 👩💻 🦮 Oauth2️⃣ ⏮️ 🔐 (& 🔁), 📨 ⏮️ 🥙 🤝{.internal-link target=_blank}. 🔜 ⚙️ Oauth2️⃣ ↔:
{* ../../docs_src/security/tutorial005.py hl[2,4,8,12,46,64,105,107:115,121:125,129:135,140,156] *}
🔜 ➡️ 📄 👈 🔀 🔁 🔁.
Oauth2️⃣ 💂♂ ⚖
🥇 🔀 👈 🔜 👥 📣 Oauth2️⃣ 💂♂ ⚖ ⏮️ 2️⃣ 💪 ↔, me & items.
scopes 🔢 📨 dict ⏮️ 🔠 ↔ 🔑 & 📛 💲:
{* ../../docs_src/security/tutorial005.py hl[62:65] *}
↩️ 👥 🔜 📣 📚 ↔, 👫 🔜 🎦 🆙 🛠️ 🩺 🕐❔ 👆 🕹-/✔.
& 👆 🔜 💪 🖊 ❔ ↔ 👆 💚 🤝 🔐: me & items.
👉 🎏 🛠️ ⚙️ 🕐❔ 👆 🤝 ✔ ⏪ 🚨 ⏮️ 👱📔, 🇺🇸🔍, 📂, ♒️:
🥙 🤝 ⏮️ ↔
🔜, 🔀 🤝 ➡ 🛠️ 📨 ↔ 📨.
👥 ⚙️ 🎏 OAuth2PasswordRequestForm. ⚫️ 🔌 🏠 scopes ⏮️ list str, ⏮️ 🔠 ↔ ⚫️ 📨 📨.
& 👥 📨 ↔ 🍕 🥙 🤝.
/// danger
🦁, 📥 👥 ❎ ↔ 📨 🔗 🤝.
✋️ 👆 🈸, 💂♂, 👆 🔜 ⚒ 💭 👆 🕴 🚮 ↔ 👈 👩💻 🤙 💪 ✔️, ⚖️ 🕐 👆 ✔️ 🔁.
///
{* ../../docs_src/security/tutorial005.py hl[156] *}
📣 ↔ ➡ 🛠️ & 🔗
🔜 👥 📣 👈 ➡ 🛠️ /users/me/items/ 🚚 ↔ items.
👉, 👥 🗄 & ⚙️ Security ⚪️➡️ fastapi.
👆 💪 ⚙️ Security 📣 🔗 (💖 Depends), ✋️ Security 📨 🔢 scopes ⏮️ 📇 ↔ (🎻).
👉 💼, 👥 🚶♀️ 🔗 🔢 get_current_active_user Security (🎏 🌌 👥 🔜 ⏮️ Depends).
✋️ 👥 🚶♀️ list ↔, 👉 💼 ⏮️ 1️⃣ ↔: items (⚫️ 💪 ✔️ 🌅).
& 🔗 🔢 get_current_active_user 💪 📣 🎧-🔗, 🚫 🕴 ⏮️ Depends ✋️ ⏮️ Security. 📣 🚮 👍 🎧-🔗 🔢 (get_current_user), & 🌖 ↔ 📄.
👉 💼, ⚫️ 🚚 ↔ me (⚫️ 💪 🚚 🌅 🌘 1️⃣ ↔).
/// note
👆 🚫 🎯 💪 🚮 🎏 ↔ 🎏 🥉.
👥 🔨 ⚫️ 📥 🎦 ❔ FastAPI 🍵 ↔ 📣 🎏 🎚.
///
{* ../../docs_src/security/tutorial005.py hl[4,140,169] *}
/// info | 📡 ℹ
Security 🤙 🏿 Depends, & ⚫️ ✔️ 1️⃣ ➕ 🔢 👈 👥 🔜 👀 ⏪.
✋️ ⚙️ Security ↩️ Depends, FastAPI 🔜 💭 👈 ⚫️ 💪 📣 💂♂ ↔, ⚙️ 👫 🔘, & 📄 🛠️ ⏮️ 🗄.
✋️ 🕐❔ 👆 🗄 Query, Path, Depends, Security & 🎏 ⚪️➡️ fastapi, 👈 🤙 🔢 👈 📨 🎁 🎓.
///
⚙️ SecurityScopes
🔜 ℹ 🔗 get_current_user.
👉 1️⃣ ⚙️ 🔗 🔛.
📥 👥 ⚙️ 🎏 Oauth2️⃣ ⚖ 👥 ✍ ⏭, 📣 ⚫️ 🔗: oauth2_scheme.
↩️ 👉 🔗 🔢 🚫 ✔️ 🙆 ↔ 📄 ⚫️, 👥 💪 ⚙️ Depends ⏮️ oauth2_scheme, 👥 🚫 ✔️ ⚙️ Security 🕐❔ 👥 🚫 💪 ✔ 💂♂ ↔.
👥 📣 🎁 🔢 🆎 SecurityScopes, 🗄 ⚪️➡️ fastapi.security.
👉 SecurityScopes 🎓 🎏 Request (Request ⚙️ 🤚 📨 🎚 🔗).
{* ../../docs_src/security/tutorial005.py hl[8,105] *}
⚙️ scopes
🔢 security_scopes 🔜 🆎 SecurityScopes.
⚫️ 🔜 ✔️ 🏠 scopes ⏮️ 📇 ⚗ 🌐 ↔ ✔ ⚫️ & 🌐 🔗 👈 ⚙️ 👉 🎧-🔗. 👈 ⛓, 🌐 "⚓️"... 👉 💪 🔊 😨, ⚫️ 🔬 🔄 ⏪ 🔛.
security_scopes 🎚 (🎓 SecurityScopes) 🚚 scope_str 🔢 ⏮️ 👁 🎻, 🔌 👈 ↔ 👽 🚀 (👥 🔜 ⚙️ ⚫️).
👥 ✍ HTTPException 👈 👥 💪 🏤-⚙️ (raise) ⏪ 📚 ☝.
👉 ⚠, 👥 🔌 ↔ 🚚 (🚥 🙆) 🎻 👽 🚀 (⚙️ scope_str). 👥 🚮 👈 🎻 ⚗ ↔ WWW-Authenticate 🎚 (👉 🍕 🔌).
{* ../../docs_src/security/tutorial005.py hl[105,107:115] *}
✔ username & 💽 💠
👥 ✔ 👈 👥 🤚 username, & ⚗ ↔.
& ⤴️ 👥 ✔ 👈 📊 ⏮️ Pydantic 🏷 (✊ ValidationError ⚠), & 🚥 👥 🤚 ❌ 👂 🥙 🤝 ⚖️ ⚖ 📊 ⏮️ Pydantic, 👥 🤚 HTTPException 👥 ✍ ⏭.
👈, 👥 ℹ Pydantic 🏷 TokenData ⏮️ 🆕 🏠 scopes.
⚖ 📊 ⏮️ Pydantic 👥 💪 ⚒ 💭 👈 👥 ✔️, 🖼, ⚫️❔ list str ⏮️ ↔ & str ⏮️ username.
↩️, 🖼, dict, ⚖️ 🕳 🙆, ⚫️ 💪 💔 🈸 ☝ ⏪, ⚒ ⚫️ 💂♂ ⚠.
👥 ✔ 👈 👥 ✔️ 👩💻 ⏮️ 👈 🆔, & 🚥 🚫, 👥 🤚 👈 🎏 ⚠ 👥 ✍ ⏭.
{* ../../docs_src/security/tutorial005.py hl[46,116:128] *}
✔ scopes
👥 🔜 ✔ 👈 🌐 ↔ ✔, 👉 🔗 & 🌐 ⚓️ (🔌 ➡ 🛠️), 🔌 ↔ 🚚 🤝 📨, ⏪ 🤚 HTTPException.
👉, 👥 ⚙️ security_scopes.scopes, 👈 🔌 list ⏮️ 🌐 👫 ↔ str.
{* ../../docs_src/security/tutorial005.py hl[129:135] *}
🔗 🌲 & ↔
➡️ 📄 🔄 👉 🔗 🌲 & ↔.
get_current_active_user 🔗 ✔️ 🎧-🔗 🔛 get_current_user, ↔ "me" 📣 get_current_active_user 🔜 🔌 📇 ✔ ↔ security_scopes.scopes 🚶♀️ get_current_user.
➡ 🛠️ ⚫️ 📣 ↔, "items", 👉 🔜 📇 security_scopes.scopes 🚶♀️ get_current_user.
📥 ❔ 🔗 🔗 & ↔ 👀 💖:
- ➡ 🛠️
read_own_items✔️:- ✔ ↔
["items"]⏮️ 🔗: get_current_active_user:- 🔗 🔢
get_current_active_user✔️:- ✔ ↔
["me"]⏮️ 🔗: get_current_user:- 🔗 🔢
get_current_user✔️:- 🙅♂ ↔ ✔ ⚫️.
- 🔗 ⚙️
oauth2_scheme. security_scopes🔢 🆎SecurityScopes:- 👉
security_scopes🔢 ✔️ 🏠scopes⏮️list⚗ 🌐 👫 ↔ 📣 🔛,:security_scopes.scopes🔜 🔌["me", "items"]➡ 🛠️read_own_items.security_scopes.scopes🔜 🔌["me"]➡ 🛠️read_users_me, ↩️ ⚫️ 📣 🔗get_current_active_user.security_scopes.scopes🔜 🔌[](🕳) ➡ 🛠️read_system_status, ↩️ ⚫️ 🚫 📣 🙆Security⏮️scopes, & 🚮 🔗,get_current_user, 🚫 📣 🙆scope👯♂️.
- 👉
- 🔗 🔢
- ✔ ↔
- 🔗 🔢
- ✔ ↔
/// tip
⚠ & "🎱" 👜 📥 👈 get_current_user 🔜 ✔️ 🎏 📇 scopes ✅ 🔠 ➡ 🛠️.
🌐 ⚓️ 🔛 scopes 📣 🔠 ➡ 🛠️ & 🔠 🔗 🔗 🌲 👈 🎯 ➡ 🛠️.
///
🌖 ℹ 🔃 SecurityScopes
👆 💪 ⚙️ SecurityScopes 🙆 ☝, & 💗 🥉, ⚫️ 🚫 ✔️ "🌱" 🔗.
⚫️ 🔜 🕧 ✔️ 💂♂ ↔ 📣 ⏮️ Security 🔗 & 🌐 ⚓️ 👈 🎯 ➡ 🛠️ & 👈 🎯 🔗 🌲.
↩️ SecurityScopes 🔜 ✔️ 🌐 ↔ 📣 ⚓️, 👆 💪 ⚙️ ⚫️ ✔ 👈 🤝 ✔️ 🚚 ↔ 🇨🇫 🔗 🔢, & ⤴️ 📣 🎏 ↔ 📄 🎏 ➡ 🛠️.
👫 🔜 ✅ ➡ 🔠 ➡ 🛠️.
✅ ⚫️
🚥 👆 📂 🛠️ 🩺, 👆 💪 🔓 & ✔ ❔ ↔ 👆 💚 ✔.
🚥 👆 🚫 🖊 🙆 ↔, 👆 🔜 "🔓", ✋️ 🕐❔ 👆 🔄 🔐 /users/me/ ⚖️ /users/me/items/ 👆 🔜 🤚 ❌ 💬 👈 👆 🚫 ✔️ 🥃 ✔. 👆 🔜 💪 🔐 /status/.
& 🚥 👆 🖊 ↔ me ✋️ 🚫 ↔ items, 👆 🔜 💪 🔐 /users/me/ ✋️ 🚫 /users/me/items/.
👈 ⚫️❔ 🔜 🔨 🥉 🥳 🈸 👈 🔄 🔐 1️⃣ 👫 ➡ 🛠️ ⏮️ 🤝 🚚 👩💻, ⚓️ 🔛 ❔ 📚 ✔ 👩💻 🤝 🈸.
🔃 🥉 🥳 🛠️
👉 🖼 👥 ⚙️ Oauth2️⃣ "🔐" 💧.
👉 ☑ 🕐❔ 👥 🚨 👆 👍 🈸, 🎲 ⏮️ 👆 👍 🕸.
↩️ 👥 💪 💙 ⚫️ 📨 username & password, 👥 🎛 ⚫️.
✋️ 🚥 👆 🏗 Oauth2️⃣ 🈸 👈 🎏 🔜 🔗 (➡, 🚥 👆 🏗 🤝 🐕🦺 🌓 👱📔, 🇺🇸🔍, 📂, ♒️.) 👆 🔜 ⚙️ 1️⃣ 🎏 💧.
🌅 ⚠ 🔑 💧.
🏆 🔐 📟 💧, ✋️ 🌖 🏗 🛠️ ⚫️ 🚚 🌅 📶. ⚫️ 🌅 🏗, 📚 🐕🦺 🔚 🆙 ✔ 🔑 💧.
/// note
⚫️ ⚠ 👈 🔠 🤝 🐕🦺 📛 👫 💧 🎏 🌌, ⚒ ⚫️ 🍕 👫 🏷.
✋️ 🔚, 👫 🛠️ 🎏 Oauth2️⃣ 🐩.
///
FastAPI 🔌 🚙 🌐 👫 Oauth2️⃣ 🤝 💧 fastapi.security.oauth2.
Security 👨🎨 dependencies
🎏 🌌 👆 💪 🔬 list Depends 👨🎨 dependencies 🔢 (🔬 🔗 ➡ 🛠️ 👨🎨{.internal-link target=_blank}), 👆 💪 ⚙️ Security ⏮️ scopes 📤.