# security


- Security - First Steps
- Get Current User
- Simple OAuth2 with Password and Bearer
- OAuth2 with Password (and hashing), Bearer with JWT tokens

1. OAuth2
2. OAuth1
3. OpenID Connect
4. OpenID

OpenAPI defines the following security schemes:

- `apiKey`
- `http`
- `oauth2`
- `openIdConnect`

## Security - First Steps

In [1]:
from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.security import OAuth2PasswordBearer

app = FastAPI()

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


@app.get("/items/")
async def read_items(token: Annotated[str, Depends(oauth2_scheme)]):
    return {"token": token}

• **OAuth2PasswordBearer** creates a security scheme that looks for `Authorization: Bearer <token>` headers in requests

• **Token flow process**: Frontend sends `username` and `password` as form fields to the `tokenUrl` endpoint (`/token` here) → API returns a JSON body with an `access_token` and `token_type: "bearer"` → Frontend sends `Authorization: Bearer <access_token>` on every subsequent request

• **FastAPI integration**: OAuth2PasswordBearer automatically integrates with OpenAPI docs, adding an "Authorize" button and lock icons

• **Header check only**: with the default `auto_error=True`, the dependency raises `401 Unauthorized` (with a `WWW-Authenticate: Bearer` response header) when the `Authorization` header is missing or does not use the `Bearer` scheme. It does not verify the token itself; whatever follows `Bearer ` is passed through to your code, which has to check it

• **Simple setup**: Just create `oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")` and use it as a dependency with `Depends(oauth2_scheme)`

• **Token parameter**: The dependency extracts and returns the token as a plain string to your path operation function; at that point it is still unverified

## Get Current User

In [3]:
# make it give us the current user

from typing import Annotated

from fastapi import Depends, FastAPI
from fastapi.security import OAuth2PasswordBearer
from pydantic import BaseModel

app = FastAPI()

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


class User(BaseModel):
    username: str
    email: str | None = None
    full_name: str | None = None
    disabled: bool | None = None


def fake_decode_token(token: str) -> User:
    # Placeholder only: no signature check, no lookup, no expiry. It turns any
    # string into a "user", so the bearer of any token at all is authenticated.
    # Replace with real token verification before using this pattern.
    return User(
        username=token + "fakedecoded", email="john@example.com", full_name="John Doe"
    )


async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]) -> User:
    # oauth2_scheme hands over the raw token string; this dependency maps it to a user.
    user = fake_decode_token(token)
    return user


@app.get("/user/me")
async def read_user_me(current_user: Annotated[User, Depends(get_current_user)]):
    return current_user


## Simple OAuth2 with Password and Bearer


## OAuth2 with Password (and hashing), Bearer with JWT tokens
