)
```

Read more about them in the [FastAPI docs about Security](https://fastapi.tiangolo.com/tutorial/security/).

## API Key Security Schemes

::: fastapi.security.APIKeyCookie

::: fastapi.security.APIKeyHeader

::: fastapi.security.APIKeyQuery

## HTTP Authentication Schemes

::: fastapi.security.HTTPBasic

::: fastapi.security.HTTPBearer

::: fastapi.security.HTTPDigest

## HTTP Credentials

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:126,130:136,141,157] *}

Now let's review those changes step by step.

## OAuth2 Security scheme { #oauth2-security-scheme }

The first change is that now we are declaring the OAuth2 security scheme with two available scopes, `me` and `items`.

The `scopes` parameter receives a `dict` with each scope as a key and the description as the value:

    * Initializes the HTTP client with the necessary configurations and settings.
    * This method sets up the request configurations, authentication schemes,
    * user agent, proxy settings, request headers, cookie store, and connection manager.
    * It also processes form-based authentication schemes and sets up the HTTP client context.
    */
    @Override
    public synchronized void init() {
        if (httpClient != null) {

**FastAPI** will know that it can use this dependency to define a "security scheme" in the OpenAPI schema (and the automatic API docs).

/// info | Technical Details

    * Initializes the HTTP client with the necessary configurations and settings.
    * This method sets up the request configurations, authentication schemes,
    * user agent, proxy settings, request headers, cookie store, and connection manager.
    * It also processes form-based authentication schemes and sets up the HTTP client context.
    */
    @Override
    public synchronized void init() {
        if (httpClient != null) {

* Automatic data model documentation with [**JSON Schema**](https://json-schema.org/) (as OpenAPI itself is based on JSON Schema).
* Designed around these standards, after a meticulous study. Instead of an afterthought layer on top.
* This also allows using automatic **client code generation** in many languages.

///

## OAuth2 scopes 與 OpenAPI { #oauth2-scopes-and-openapi }

OAuth2 規格將「scopes」定義為以空白分隔的一串字串列表。

每個字串的內容可以有任意格式，但不應包含空白。

這些 scopes 代表「權限」。

在 OpenAPI（例如 API 文件）中，你可以定義「security schemes」。

當某個 security scheme 使用 OAuth2 時，你也可以宣告並使用 scopes。

每個「scope」就是一個（不含空白的）字串。

它們通常用來宣告特定的安全性權限，例如：

- `users:read` 或 `users:write` 是常見的例子。
- `instagram_basic` 是 Facebook / Instagram 使用的。

但如果你确实需要它，或者只是好奇，请继续阅读。

///

## OAuth2 作用域与 OpenAPI { #oauth2-scopes-and-openapi }

OAuth2 规范将“作用域”定义为由空格分隔的字符串列表。

这些字符串的内容可以是任意格式，但不应包含空格。

这些作用域表示“权限”。

在 OpenAPI（例如 API 文档）中，你可以定义“安全方案”（security schemes）。

当这些安全方案使用 OAuth2 时，你还可以声明并使用作用域。

每个“作用域”只是一个（不带空格的）字符串。

它们通常用于声明特定的安全权限，例如：

* 常见示例：`users:read` 或 `users:write`
* Facebook / Instagram 使用 `instagram_basic`

- Apply above rules also when there is an existing translation! Make sure that all title attributes in abbr elements get properly translated or updated, using the schemes given above. However, leave the ADDITIONAL abbr's described above alone. Do not change their formatting or content.

### HTML dfn elements

    /**
     * @param scheme either "http" or "https".
     */
    fun scheme(scheme: String) =
      apply {
        when {
          scheme.equals("http", ignoreCase = true) -> this.scheme = "http"
          scheme.equals("https", ignoreCase = true) -> this.scheme = "https"
          else -> throw IllegalArgumentException("unexpected scheme: $scheme")
        }
      }