OpenAPI has a way to define multiple security "schemes".

By using them, you can take advantage of all these standard-based tools, including these interactive documentation systems.

OpenAPI defines the following security schemes:

* `apiKey`: an application specific key that can come from:
    * A query parameter.
    * A header.
    * A cookie.

 * As policy, implementations of this interface are responsible for selecting which cookies to
 * accept and which to reject. A reasonable policy is to reject all cookies, though that may
 * interfere with session-based authentication schemes that require cookies.
 *
 * As persistence, implementations of this interface must also provide storage of cookies. Simple
 * implementations may store cookies in memory; sophisticated ones may use the file system or

        checkVersionParsing("0.09", 0, 0, 0, 0, "0.09");
        checkVersionParsing("0.2.09", 0, 0, 0, 0, "0.2.09");
        checkVersionParsing("2.0-01", 2, 0, 0, 0, "01");

        // version schemes not really supported: fully transformed as qualifier
        checkVersionParsing("1.0.1b", 0, 0, 0, 0, "1.0.1b");
        checkVersionParsing("1.0M2", 0, 0, 0, 0, "1.0M2");
        checkVersionParsing("1.0RC2", 0, 0, 0, 0, "1.0RC2");

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:126,130:136,141,157] *}

Now let's review those changes step by step.

## OAuth2 Security scheme { #oauth2-security-scheme }

The first change is that now we are declaring the OAuth2 security scheme with two available scopes, `me` and `items`.

The `scopes` parameter receives a `dict` with each scope as a key and the description as the value:

**FastAPI** will know that it can use this dependency to define a "security scheme" in the OpenAPI schema (and the automatic API docs).

/// info | Technical Details

 * {@code jcifs.smb1.smb1.client.domain} or {@code jcifs.smb1.http.domainController}
 * properties are be specified. <b>With later containers the
 * {@code NtlmHttpFilter} should be used</b>. For custom NTLM HTTP Authentication schemes the {@code NtlmSsp} may be used.
 *
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> related information.
 */

 * {@code jcifs.smb.client.domain} or {@code jcifs.http.domainController}
 * properties are be specified. <b>With later containers the
 * {@code NtlmHttpFilter} should be used</b>. For custom NTLM HTTP Authentication schemes the {@code NtlmSsp} may be
 * used.
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> related
 * information.
 *
 * @deprecated NTLMv1 only
 */

    * Initializes the HTTP client with the necessary configurations and settings.
    * This method sets up the request configurations, authentication schemes,
    * user agent, proxy settings, request headers, cookie store, and connection manager.
    * It also processes form-based authentication schemes and sets up the HTTP client context.
    */
    @Override
    public synchronized void init() {
        if (httpClient != null) {

            return entity;
        });
    }

    /**
     * Registers available protocol scheme items for web authentication forms.
     * Includes Basic, Digest, NTLM, and Form authentication schemes.
     *
     * @param data the render data to register the protocol scheme items with
     */
    protected void registerProtocolSchemeItems(final RenderData data) {

* Automatic data model documentation with <a href="https://json-schema.org/" class="external-link" target="_blank"><strong>JSON Schema</strong></a> (as OpenAPI itself is based on JSON Schema).
* Designed around these standards, after a meticulous study. Instead of an afterthought layer on top.