OpenAPI has a way to define multiple security "schemes".

By using them, you can take advantage of all these standard-based tools, including these interactive documentation systems.

OpenAPI defines the following security schemes:

* `apiKey`: an application specific key that can come from:
    * A query parameter.
    * A header.
    * A cookie.

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:126,130:136,141,157] *}

Now let's review those changes step by step.

## OAuth2 Security scheme { #oauth2-security-scheme }

The first change is that now we are declaring the OAuth2 security scheme with two available scopes, `me` and `items`.

The `scopes` parameter receives a `dict` with each scope as a key and the description as the value:

**FastAPI** will know that it can use this dependency to define a "security scheme" in the OpenAPI schema (and the automatic API docs).

/// info | Technical Details

 * {@code jcifs.smb1.smb1.client.domain} or {@code jcifs.smb1.http.domainController}
 * properties are be specified. <b>With later containers the
 * {@code NtlmHttpFilter} should be used</b>. For custom NTLM HTTP Authentication schemes the {@code NtlmSsp} may be used.
 *
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> related information.
 */

 * {@code jcifs.smb.client.domain} or {@code jcifs.http.domainController}
 * properties are be specified. <b>With later containers the
 * {@code NtlmHttpFilter} should be used</b>. For custom NTLM HTTP Authentication schemes the {@code NtlmSsp} may be
 * used.
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> related
 * information.
 *
 * @deprecated NTLMv1 only
 */

    * Initializes the HTTP client with the necessary configurations and settings.
    * This method sets up the request configurations, authentication schemes,
    * user agent, proxy settings, request headers, cookie store, and connection manager.
    * It also processes form-based authentication schemes and sets up the HTTP client context.
    */
    @Override
    public synchronized void init() {
        if (httpClient != null) {

            return entity;
        });
    }

    /**
     * Registers available protocol scheme items for web authentication forms.
     * Includes Basic, Digest, NTLM, and Form authentication schemes.
     *
     * @param data the render data to register the protocol scheme items with
     */
    protected void registerProtocolSchemeItems(final RenderData data) {

* Automatic data model documentation with <a href="https://json-schema.org/" class="external-link" target="_blank"><strong>JSON Schema</strong></a> (as OpenAPI itself is based on JSON Schema).
* Designed around these standards, after a meticulous study. Instead of an afterthought layer on top.

     * This method implements incremental crawling by comparing timestamps and checking document
     * expiration. It also handles special cases for different URL schemes (SMB, file, FTP).
     *
     * @param client the crawler client to use for accessing the URL
     * @param urlQueue the URL queue item containing the URL to check

    /**
     * @param scheme either "http" or "https".
     */
    fun scheme(scheme: String) =
      apply {
        when {
          scheme.equals("http", ignoreCase = true) -> this.scheme = "http"
          scheme.equals("https", ignoreCase = true) -> this.scheme = "https"
          else -> throw IllegalArgumentException("unexpected scheme: $scheme")
        }
      }