main commit

2025-10-16 16:30:25 +09:00
parent 91c7e04474
commit 537e7b363f
1146 changed files with 45926 additions and 77196 deletions
--- a/venv/lib/python3.12/site-packages/fastapi/security/oauth2.py
+++ b/venv/lib/python3.12/site-packages/fastapi/security/oauth2.py
@@ -10,7 +10,7 @@ from starlette.requests import Request
 from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN

 # TODO: import from typing when deprecating Python 3.9
-from typing_extensions import Annotated, Doc
+from typing_extensions import Annotated, Doc  # type: ignore [attr-defined]


 class OAuth2PasswordRequestForm:
@@ -52,9 +52,9 @@ class OAuth2PasswordRequestForm:
    ```

    Note that for OAuth2 the scope `items:read` is a single scope in an opaque string.
-    You could have custom internal logic to separate it by colon characters (`:`) or
+    You could have custom internal logic to separate it by colon caracters (`:`) or
    similar, and get the two parts `items` and `read`. Many applications do that to
-    group and organize permissions, you could do it as well in your application, just
+    group and organize permisions, you could do it as well in your application, just
    know that that it is application specific, it's not part of the specification.
    """

@@ -63,7 +63,7 @@ class OAuth2PasswordRequestForm:
        *,
        grant_type: Annotated[
            Union[str, None],
-            Form(pattern="^password$"),
+            Form(pattern="password"),
            Doc(
                """
                The OAuth2 spec says it is required and MUST be the fixed string
@@ -85,7 +85,7 @@ class OAuth2PasswordRequestForm:
        ],
        password: Annotated[
            str,
-            Form(json_schema_extra={"format": "password"}),
+            Form(),
            Doc(
                """
                `password` string. The OAuth2 spec requires the exact field name
@@ -130,7 +130,7 @@ class OAuth2PasswordRequestForm:
        ] = None,
        client_secret: Annotated[
            Union[str, None],
-            Form(json_schema_extra={"format": "password"}),
+            Form(),
            Doc(
                """
                If there's a `client_password` (and a `client_id`), they can be sent
@@ -194,9 +194,9 @@ class OAuth2PasswordRequestFormStrict(OAuth2PasswordRequestForm):
    ```

    Note that for OAuth2 the scope `items:read` is a single scope in an opaque string.
-    You could have custom internal logic to separate it by colon characters (`:`) or
+    You could have custom internal logic to separate it by colon caracters (`:`) or
    similar, and get the two parts `items` and `read`. Many applications do that to
-    group and organize permissions, you could do it as well in your application, just
+    group and organize permisions, you could do it as well in your application, just
    know that that it is application specific, it's not part of the specification.


@@ -217,7 +217,7 @@ class OAuth2PasswordRequestFormStrict(OAuth2PasswordRequestForm):
        self,
        grant_type: Annotated[
            str,
-            Form(pattern="^password$"),
+            Form(pattern="password"),
            Doc(
                """
                The OAuth2 spec says it is required and MUST be the fixed string
@@ -353,7 +353,7 @@ class OAuth2(SecurityBase):
            bool,
            Doc(
                """
-                By default, if no HTTP Authorization header is provided, required for
+                By default, if no HTTP Auhtorization header is provided, required for
                OAuth2 authentication, it will automatically cancel the request and
                send the client an error.

@@ -441,7 +441,7 @@ class OAuth2PasswordBearer(OAuth2):
            bool,
            Doc(
                """
-                By default, if no HTTP Authorization header is provided, required for
+                By default, if no HTTP Auhtorization header is provided, required for
                OAuth2 authentication, it will automatically cancel the request and
                send the client an error.

@@ -457,26 +457,11 @@ class OAuth2PasswordBearer(OAuth2):
                """
            ),
        ] = True,
-        refreshUrl: Annotated[
-            Optional[str],
-            Doc(
-                """
-                The URL to refresh the token and obtain a new one.
-                """
-            ),
-        ] = None,
    ):
        if not scopes:
            scopes = {}
        flows = OAuthFlowsModel(
-            password=cast(
-                Any,
-                {
-                    "tokenUrl": tokenUrl,
-                    "refreshUrl": refreshUrl,
-                    "scopes": scopes,
-                },
-            )
+            password=cast(Any, {"tokenUrl": tokenUrl, "scopes": scopes})
        )
        super().__init__(
            flows=flows,
@@ -558,7 +543,7 @@ class OAuth2AuthorizationCodeBearer(OAuth2):
            bool,
            Doc(
                """
-                By default, if no HTTP Authorization header is provided, required for
+                By default, if no HTTP Auhtorization header is provided, required for
                OAuth2 authentication, it will automatically cancel the request and
                send the client an error.