And then they can try again knowing that it's probably something more similar to `stanleyjobsox` than to `johndoe`.

#### A "professional" attack

* `skip`: with a value of `0`
* `limit`: with a value of `10`

As they are part of the URL, they are "naturally" strings.

But when you declare them with Python types (in the example above, as `int`), they are converted to that type and validated against it.

All the same process that applied for path parameters also applies for query parameters:

* Editor support (obviously)

////

These dependencies will be executed/solved the same way as normal dependencies. But their value (if they return any) won't be passed to your *path operation function*.

/// tip

Some editors check for unused function parameters, and show them as errors.

Using these `dependencies` in the *path operation decorator* you can make sure they are executed while avoiding editor/tooling errors.

 * those implied by the returned execution delay.
 *
 * Cancellation
 * ------------
 *
 * Tasks may be canceled while they are waiting to be executed, or while they are executing.
 *
 * Canceling a task that is waiting to execute prevents that upcoming execution. Canceling a task
 * that is currently executing does not impact the ongoing run, but it does prevent a recurrence

   * URLs</a>. (<a href="https://url.spec.whatwg.org/#path-state">If the escaper were to leave these
   * characters unescaped, they would be escaped by the consumer at parse time, anyway.</a>)
   * Additionally, the escaper escapes the slash character ("/"). While slashes are acceptable in
   * URL paths, they are considered by the specification to be separators between "path segments."

   * URLs</a>. (<a href="https://url.spec.whatwg.org/#path-state">If the escaper were to leave these
   * characters unescaped, they would be escaped by the consumer at parse time, anyway.</a>)
   * Additionally, the escaper escapes the slash character ("/"). While slashes are acceptable in
   * URL paths, they are considered by the specification to be separators between "path segments."

     * command. Even though search engine crawlers may consider this information
     * when making decisions, they may crawl pages marked "hourly" less
     * frequently than that, and they may crawl pages marked "yearly" more
     * frequently than that. Crawlers may periodically crawl pages marked
     * "never" so that they can handle unexpected changes to those pages.
     */
    private String changefreq;

    /**

Or it might be the case that you just prefer to take other courses because they adapt better to your learning style.

Some course providers ✨ [**sponsor FastAPI**](../help-fastapi.md#sponsor-the-author){.internal-link target=_blank} ✨, this ensures the continued and healthy **development** of FastAPI and its **ecosystem**.

You can use OAuth2 scopes directly with **FastAPI**, they are integrated to work seamlessly.

This would allow you to have a more fine-grained permission system, following the OAuth2 standard, integrated into your OpenAPI application (and the API docs).

OAuth2 with scopes is the mechanism used by many big authentication providers, like Facebook, Google, GitHub, Microsoft, Twitter, etc. They use it to provide specific permissions to users and applications.

We use *Specification* and *Discovery* documents stored in Google Drive, but they present some downsides:

* They are rarely updated after creation and initial review, and then become hard to follow, especially after important decisions are made
* They are not synced with the code to reflect the eventual solution that is committed
* Google Docs is not a "code-oriented" tool, like asciidoc can be