OpenAPI has a way to define multiple security "schemes".

By using them, you can take advantage of all these standard-based tools, including these interactive documentation systems.

OpenAPI defines the following security schemes:

* `apiKey`: an application specific key that can come from:
    * A query parameter.
    * A header.
    * A cookie.

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:126,130:136,141,157] *}

Now let's review those changes step by step.

## OAuth2 Security scheme { #oauth2-security-scheme }

The first change is that now we are declaring the OAuth2 security scheme with two available scopes, `me` and `items`.

The `scopes` parameter receives a `dict` with each scope as a key and the description as the value:

**FastAPI** will know that it can use this dependency to define a "security scheme" in the OpenAPI schema (and the automatic API docs).

/// info | Technical Details

 * {@code jcifs.smb1.smb1.client.domain} or {@code jcifs.smb1.http.domainController}
 * properties are be specified. <b>With later containers the
 * {@code NtlmHttpFilter} should be used</b>. For custom NTLM HTTP Authentication schemes the {@code NtlmSsp} may be used.
 *
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> related information.
 */

 * {@code jcifs.smb.client.domain} or {@code jcifs.http.domainController}
 * properties are be specified. <b>With later containers the
 * {@code NtlmHttpFilter} should be used</b>. For custom NTLM HTTP Authentication schemes the {@code NtlmSsp} may be
 * used.
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> related
 * information.
 *
 * @deprecated NTLMv1 only
 */

    * Initializes the HTTP client with the necessary configurations and settings.
    * This method sets up the request configurations, authentication schemes,
    * user agent, proxy settings, request headers, cookie store, and connection manager.
    * It also processes form-based authentication schemes and sets up the HTTP client context.
    */
    @Override
    public synchronized void init() {
        if (httpClient != null) {

* Automatic data model documentation with <a href="https://json-schema.org/" class="external-link" target="_blank"><strong>JSON Schema</strong></a> (as OpenAPI itself is based on JSON Schema).
* Designed around these standards, after a meticulous study. Instead of an afterthought layer on top.

     * This method implements incremental crawling by comparing timestamps and checking document
     * expiration. It also handles special cases for different URL schemes (SMB, file, FTP).
     *
     * @param client the crawler client to use for accessing the URL
     * @param urlQueue the URL queue item containing the URL to check

    /** The underlying index update callback to delegate operations to. */
    protected IndexUpdateCallback indexUpdateCallback;

    /** Factory for creating crawler clients to handle different URL schemes. */
    protected CrawlerClientFactory crawlerClientFactory;

    /** List of URLs to be deleted, cached for batch processing. */
    protected List<String> deleteUrlList = new ArrayList<>(100);

Use `Response.challenges()` to get the schemes and realms of any authentication challenges. When fulfilling a `Basic` challenge, use `Credentials.basic(username, password)` to encode the request header.

=== ":material-language-kotlin: Kotlin"
    ```kotlin