From 1e4f86db6d78f8a835db57044b2f80cede03d86d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Tue, 9 Apr 2019 23:36:18 +0400 Subject: [PATCH] :memo: Update release notes and OAuth2 scopes docs --- docs/release-notes.md | 8 ++++++++ docs/tutorial/security/oauth2-scopes.md | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/release-notes.md b/docs/release-notes.md index 5d50cbe1c..28b51ff40 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md @@ -1,5 +1,13 @@ ## Next release +* Improve/upgrade OAuth2 scopes support with `SecurityScopes`: + * `SecurityScopes` can be declared as a parameter like `Request`, to get the scopes of all super-dependencies/dependants. + * Improve `Security` handling, merging scopes when declaring `SecurityScopes`. + * Allow using `SecurityBase` (like `OAuth2`) classes with `Depends` and still document them. `Security` now is needed only to declare `scopes`. + * Updated docs about: OAuth2 with Password (and hashing), Bearer with JWT tokens. + * New docs about: OAuth2 scopes. + * PR #141. + ## 0.12.1 * Fix bug: handling additional `responses` in `APIRouter.include_router()`. PR #140. diff --git a/docs/tutorial/security/oauth2-scopes.md b/docs/tutorial/security/oauth2-scopes.md index 51e28daaf..2056b41ab 100644 --- a/docs/tutorial/security/oauth2-scopes.md +++ b/docs/tutorial/security/oauth2-scopes.md @@ -1,6 +1,6 @@ You can use OAuth2 scopes directly with **FastAPI**, they are integrated to work seamlessly. -This would allow you to have a more fine-grained permission system, following standards like OAuth2, integrated into your OpenAPI application (and the API docs). +This would allow you to have a more fine-grained permission system, following the OAuth2 standard, integrated into your OpenAPI application (and the API docs). OAuth2 with scopes is the mechanism used by many big authentication providers, like Facebook, Google, GitHub, Microsoft, Twitter, etc. They use it to provide specific permissions to users and applications.