Merged
10 changes: 5 additions & 5 deletions docs/em/docs/advanced/security/oauth2-scopes.md
Expand Up @@ -62,7 +62,7 @@ Oauth2️⃣ 👫 🎻.

🥇, ➡️ 🔜 👀 🍕 👈 🔀 ⚪️➡️ 🖼 👑 **🔰 - 👩‍💻 🦮** [Oauth2️⃣ ⏮️ 🔐 (& 🔁), 📨 ⏮️ 🥙 🤝](../../tutorial/security/oauth2-jwt.md){.internal-link target=_blank}. 🔜 ⚙️ Oauth2️⃣ ↔:

{* ../../docs_src/security/tutorial005.py hl[2,4,8,12,46,64,105,107:115,121:124,128:134,139,155] *}
{* ../../docs_src/security/tutorial005.py hl[2,4,8,12,46,64,105,107:115,121:125,129:135,140,156] *}

🔜 ➡️ 📄 👈 🔀 🔁 🔁.

Expand Down Expand Up @@ -98,7 +98,7 @@ Oauth2️⃣ 👫 🎻.

///

{* ../../docs_src/security/tutorial005.py hl[155] *}
{* ../../docs_src/security/tutorial005.py hl[156] *}

## 📣 ↔ *➡ 🛠️* & 🔗

Expand All @@ -124,7 +124,7 @@ Oauth2️⃣ 👫 🎻.

///

{* ../../docs_src/security/tutorial005.py hl[4,139,168] *}
{* ../../docs_src/security/tutorial005.py hl[4,140,169] *}

/// info | 📡 ℹ

Expand Down Expand Up @@ -180,15 +180,15 @@ Oauth2️⃣ 👫 🎻.

👥 ✔ 👈 👥 ✔️ 👩‍💻 ⏮️ 👈 🆔, & 🚥 🚫, 👥 🤚 👈 🎏 ⚠ 👥 ✍ ⏭.

{* ../../docs_src/security/tutorial005.py hl[46,116:127] *}
{* ../../docs_src/security/tutorial005.py hl[46,116:128] *}

## ✔ `scopes`

👥 🔜 ✔ 👈 🌐 ↔ ✔, 👉 🔗 & 🌐 ⚓️ (🔌 *➡ 🛠️*), 🔌 ↔ 🚚 🤝 📨, ⏪ 🤚 `HTTPException`.

👉, 👥 ⚙️ `security_scopes.scopes`, 👈 🔌 `list` ⏮️ 🌐 👫 ↔ `str`.

{* ../../docs_src/security/tutorial005.py hl[128:134] *}
{* ../../docs_src/security/tutorial005.py hl[129:135] *}

## 🔗 🌲 & ↔

10 changes: 5 additions & 5 deletions docs/en/docs/advanced/security/oauth2-scopes.md
Expand Up @@ -62,7 +62,7 @@ For OAuth2 they are just strings.

First, let's quickly see the parts that change from the examples in the main **Tutorial - User Guide** for [OAuth2 with Password (and hashing), Bearer with JWT tokens](../../tutorial/security/oauth2-jwt.md){.internal-link target=_blank}. Now using OAuth2 scopes:

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:125,129:135,140,156] *}
{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:126,130:136,141,157] *}

Now let's review those changes step by step.

Expand Down Expand Up @@ -98,7 +98,7 @@ But in your application, for security, you should make sure you only add the sco

///

{* ../../docs_src/security/tutorial005_an_py310.py hl[156] *}
{* ../../docs_src/security/tutorial005_an_py310.py hl[157] *}

## Declare scopes in *path operations* and dependencies

Expand All @@ -124,7 +124,7 @@ We are doing it here to demonstrate how **FastAPI** handles scopes declared at d

///

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,140,171] *}
{* ../../docs_src/security/tutorial005_an_py310.py hl[5,141,172] *}

/// info | Technical Details

Expand Down Expand Up @@ -180,15 +180,15 @@ Instead of, for example, a `dict`, or something else, as it could break the appl

We also verify that we have a user with that username, and if not, we raise that same exception we created before.

{* ../../docs_src/security/tutorial005_an_py310.py hl[47,117:128] *}
{* ../../docs_src/security/tutorial005_an_py310.py hl[47,117:129] *}

## Verify the `scopes`

We now verify that all the scopes required, by this dependency and all the dependants (including *path operations*), are included in the scopes provided in the token received, otherwise raise an `HTTPException`.

For this, we use `security_scopes.scopes`, that contains a `list` with all these scopes as `str`.

{* ../../docs_src/security/tutorial005_an_py310.py hl[129:135] *}
{* ../../docs_src/security/tutorial005_an_py310.py hl[130:136] *}

## Dependency tree and scopes
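
Review bot: Missing documentation in the prose around the `hl[47,117:129]` and `hl[130:136]` includes: the text still only says that `security_scopes.scopes` is a `list` of `str`, and nothing tells the reader that the token now carries its scopes as one space-separated string under `scope` that `get_current_user` splits back into a list. A sentence before the `hl[47,117:129]` include stating the claim name and format would keep the walkthrough in step with the highlighted lines.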

5 changes: 3 additions & 2 deletions docs_src/security/tutorial005.py
Expand Up @@ -119,7 +119,8 @@ async def get_current_user(
username: str = payload.get("sub")
if username is None:
raise credentials_exception
token_scopes = payload.get("scopes", [])
scope: str = payload.get("scope", "")
token_scopes = scope.split(" ")
token_data = TokenData(scopes=token_scopes, username=username)
except (InvalidTokenError, ValidationError):
raise credentials_exception
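
Review bot: `scope.split(" ")` in the new `token_scopes` line does not give an empty list when the claim is missing or empty: `"".split(" ")` returns `[""]`, so a token with no `scope` claim now yields `token_scopes == [""]` where the removed line defaulted to `[]`, and doubled spaces also produce empty entries. Calling `scope.split()` with no argument returns `[]` for an empty string and collapses runs of whitespace. The same line appears in each `tutorial005*` variant in this change.
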
Expand Down Expand Up @@ -153,7 +154,7 @@ async def login_for_access_token(
raise HTTPException(status_code=400, detail="Incorrect username or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.username, "scopes": form_data.scopes},
data={"sub": user.username, "scope": " ".join(form_data.scopes)},
expires_delta=access_token_expires,
)
return Token(access_token=access_token, token_type="bearer")
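
Review bot: In the `data=` argument, `" ".join(form_data.scopes)` writes `"scope": ""` into the token when no scopes were requested, and the reader in `get_current_user` turns that empty string into `[""]`. Consider leaving the key out when `form_data.scopes` is empty so the reader's `payload.get("scope", "")` default is the only empty case to handle. Since the claim key also changes from `scopes` to `scope`, a token issued before this change will be read as carrying no scopes, which is worth a line in the docs or the PR description.
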
5 changes: 3 additions & 2 deletions docs_src/security/tutorial005_an.py
Expand Up @@ -120,7 +120,8 @@ async def get_current_user(
username = payload.get("sub")
if username is None:
raise credentials_exception
token_scopes = payload.get("scopes", [])
scope: str = payload.get("scope", "")
token_scopes = scope.split(" ")
token_data = TokenData(scopes=token_scopes, username=username)
except (InvalidTokenError, ValidationError):
raise credentials_exception
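
Review bot: Style point on the added `scope: str = payload.get("scope", "")`: the line directly above it in this file is `username = payload.get("sub")` with no annotation, so the new annotation is inconsistent with its neighbour here (the non-Annotated variants do annotate `username: str`). Either drop the annotation in the `_an` files or keep it and accept that it is only a hint, since `payload.get` can return whatever type the claim holds.
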
Expand Down Expand Up @@ -154,7 +155,7 @@ async def login_for_access_token(
raise HTTPException(status_code=400, detail="Incorrect username or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.username, "scopes": form_data.scopes},
data={"sub": user.username, "scope": " ".join(form_data.scopes)},
expires_delta=access_token_expires,
)
return Token(access_token=access_token, token_type="bearer")
5 changes: 3 additions & 2 deletions docs_src/security/tutorial005_an_py310.py
Expand Up @@ -119,7 +119,8 @@ async def get_current_user(
username = payload.get("sub")
if username is None:
raise credentials_exception
token_scopes = payload.get("scopes", [])
scope: str = payload.get("scope", "")
token_scopes = scope.split(" ")
token_data = TokenData(scopes=token_scopes, username=username)
except (InvalidTokenError, ValidationError):
raise credentials_exception
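
Review bot: Missing type check before `scope.split(" ")`: the `str` annotation on `scope` is not enforced at runtime, so if the `scope` claim is present but is not a string (a list, for instance), `.split` raises `AttributeError`, which the `except (InvalidTokenError, ValidationError)` clause below does not catch, and the request fails with an unhandled error instead of `credentials_exception`. An `isinstance(scope, str)` check that raises `credentials_exception` would keep the failure path uniform.
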
Expand Down Expand Up @@ -153,7 +154,7 @@ async def login_for_access_token(
raise HTTPException(status_code=400, detail="Incorrect username or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.username, "scopes": form_data.scopes},
data={"sub": user.username, "scope": " ".join(form_data.scopes)},
expires_delta=access_token_expires,
)
return Token(access_token=access_token, token_type="bearer")
5 changes: 3 additions & 2 deletions docs_src/security/tutorial005_an_py39.py
Expand Up @@ -119,7 +119,8 @@ async def get_current_user(
username = payload.get("sub")
if username is None:
raise credentials_exception
token_scopes = payload.get("scopes", [])
scope: str = payload.get("scope", "")
token_scopes = scope.split(" ")
token_data = TokenData(scopes=token_scopes, username=username)
except (InvalidTokenError, ValidationError):
raise credentials_exception
Expand Down Expand Up @@ -153,7 +154,7 @@ async def login_for_access_token(
raise HTTPException(status_code=400, detail="Incorrect username or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.username, "scopes": form_data.scopes},
data={"sub": user.username, "scope": " ".join(form_data.scopes)},
expires_delta=access_token_expires,
)
return Token(access_token=access_token, token_type="bearer")
5 changes: 3 additions & 2 deletions docs_src/security/tutorial005_py310.py
Expand Up @@ -118,7 +118,8 @@ async def get_current_user(
username: str = payload.get("sub")
if username is None:
raise credentials_exception
token_scopes = payload.get("scopes", [])
scope: str = payload.get("scope", "")
token_scopes = scope.split(" ")
token_data = TokenData(scopes=token_scopes, username=username)
except (InvalidTokenError, ValidationError):
raise credentials_exception
Expand Down Expand Up @@ -152,7 +153,7 @@ async def login_for_access_token(
raise HTTPException(status_code=400, detail="Incorrect username or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.username, "scopes": form_data.scopes},
data={"sub": user.username, "scope": " ".join(form_data.scopes)},
expires_delta=access_token_expires,
)
return Token(access_token=access_token, token_type="bearer")
5 changes: 3 additions & 2 deletions docs_src/security/tutorial005_py39.py
Expand Up @@ -119,7 +119,8 @@ async def get_current_user(
username: str = payload.get("sub")
if username is None:
raise credentials_exception
token_scopes = payload.get("scopes", [])
scope: str = payload.get("scope", "")
token_scopes = scope.split(" ")
token_data = TokenData(scopes=token_scopes, username=username)
except (InvalidTokenError, ValidationError):
raise credentials_exception
Expand Down Expand Up @@ -153,7 +154,7 @@ async def login_for_access_token(
raise HTTPException(status_code=400, detail="Incorrect username or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.username, "scopes": form_data.scopes},
data={"sub": user.username, "scope": " ".join(form_data.scopes)},
expires_delta=access_token_expires,
)
return Token(access_token=access_token, token_type="bearer")