OAuth2PasswordRequestForm Class — fastapi Architecture
Architecture documentation for the OAuth2PasswordRequestForm class in oauth2.py from the fastapi codebase.
Entity Profile
Dependency Diagram
graph TD 297a8eb4_9aae_431a_a0de_a9802a8c776d["OAuth2PasswordRequestForm"] efdd0530_d49f_83d3_f1d5_e8884b1b9602["oauth2.py"] 297a8eb4_9aae_431a_a0de_a9802a8c776d -->|defined in| efdd0530_d49f_83d3_f1d5_e8884b1b9602 44839a66_b7bf_3153_69cf_705d55a9871b["__init__()"] 297a8eb4_9aae_431a_a0de_a9802a8c776d -->|method| 44839a66_b7bf_3153_69cf_705d55a9871b
Relationship Graph
Source Code
fastapi/security/oauth2.py lines 14–159
class OAuth2PasswordRequestForm:
"""
This is a dependency class to collect the `username` and `password` as form data
for an OAuth2 password flow.
The OAuth2 specification dictates that for a password flow the data should be
collected using form data (instead of JSON) and that it should have the specific
fields `username` and `password`.
All the initialization parameters are extracted from the request.
Read more about it in the
[FastAPI docs for Simple OAuth2 with Password and Bearer](https://fastapi.tiangolo.com/tutorial/security/simple-oauth2/).
## Example
```python
from typing import Annotated
from fastapi import Depends, FastAPI
from fastapi.security import OAuth2PasswordRequestForm
app = FastAPI()
@app.post("/login")
def login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
data = {}
data["scopes"] = []
for scope in form_data.scopes:
data["scopes"].append(scope)
if form_data.client_id:
data["client_id"] = form_data.client_id
if form_data.client_secret:
data["client_secret"] = form_data.client_secret
return data
```
Note that for OAuth2 the scope `items:read` is a single scope in an opaque string.
You could have custom internal logic to separate it by colon characters (`:`) or
similar, and get the two parts `items` and `read`. Many applications do that to
group and organize permissions, you could do it as well in your application, just
know that that it is application specific, it's not part of the specification.
"""
def __init__(
self,
*,
grant_type: Annotated[
Union[str, None],
Form(pattern="^password$"),
Doc(
"""
The OAuth2 spec says it is required and MUST be the fixed string
"password". Nevertheless, this dependency class is permissive and
allows not passing it. If you want to enforce it, use instead the
`OAuth2PasswordRequestFormStrict` dependency.
Read more about it in the
[FastAPI docs for Simple OAuth2 with Password and Bearer](https://fastapi.tiangolo.com/tutorial/security/simple-oauth2/).
"""
),
] = None,
username: Annotated[
str,
Form(),
Doc(
"""
`username` string. The OAuth2 spec requires the exact field name
`username`.
Read more about it in the
[FastAPI docs for Simple OAuth2 with Password and Bearer](https://fastapi.tiangolo.com/tutorial/security/simple-oauth2/).
"""
),
],
password: Annotated[
str,
Form(json_schema_extra={"format": "password"}),
Doc(
"""Domain
Defined In
Source
Frequently Asked Questions
What is the OAuth2PasswordRequestForm class?
OAuth2PasswordRequestForm is a class in the fastapi codebase, defined in fastapi/security/oauth2.py.
Where is OAuth2PasswordRequestForm defined?
OAuth2PasswordRequestForm is defined in fastapi/security/oauth2.py at line 14.
Analyze Your Own Codebase
Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.
Try Supermodel Free