OAuth2PasswordRequestForm,
    OAuth2PasswordRequestFormStrict,
    OpenIdConnect,
    SecurityScopes,
)
```

## API Key Security Schemes

::: fastapi.security.APIKeyCookie

::: fastapi.security.APIKeyHeader

::: fastapi.security.APIKeyQuery

## HTTP Authentication Schemes

::: fastapi.security.HTTPBasic

::: fastapi.security.HTTPBearer

::: fastapi.security.HTTPDigest

## HTTP Credentials

OpenAPI has a way to define multiple security "schemes".

By using them, you can take advantage of all these standard-based tools, including these interactive documentation systems.

OpenAPI defines the following security schemes:

* `apiKey`: an application specific key that can come from:
    * A query parameter.
    * A header.
    * A cookie.

 * As policy, implementations of this interface are responsible for selecting which cookies to
 * accept and which to reject. A reasonable policy is to reject all cookies, though that may
 * interfere with session-based authentication schemes that require cookies.
 *
 * As persistence, implementations of this interface must also provide storage of cookies. Simple
 * implementations may store cookies in memory; sophisticated ones may use the file system or

    proxies.add(proxy)
    return this
  }

  override fun select(uri: URI): List<Proxy> {
    // Don't handle 'socket' schemes, which the RI's Socket class may request (for SOCKS).
    return if (uri.scheme == "http" || uri.scheme == "https") proxies else listOf(Proxy.NO_PROXY)
  }

  override fun connectFailed(
    uri: URI,
    sa: SocketAddress,
    ioe: IOException,
  ) {
  }

        checkVersionParsing("0.09", 0, 0, 0, 0, "0.09");
        checkVersionParsing("0.2.09", 0, 0, 0, 0, "0.2.09");
        checkVersionParsing("2.0-01", 2, 0, 0, 0, "01");

        // version schemes not really supported: fully transformed as qualifier
        checkVersionParsing("1.0.1b", 0, 0, 0, 0, "1.0.1b");
        checkVersionParsing("1.0M2", 0, 0, 0, 0, "1.0M2");
        checkVersionParsing("1.0RC2", 0, 0, 0, 0, "1.0RC2");

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:126,130:136,141,157] *}

Now let's review those changes step by step.

## OAuth2 Security scheme { #oauth2-security-scheme }

The first change is that now we are declaring the OAuth2 security scheme with two available scopes, `me` and `items`.

The `scopes` parameter receives a `dict` with each scope as a key and the description as the value:

**FastAPI** will know that it can use this dependency to define a "security scheme" in the OpenAPI schema (and the automatic API docs).

/// info | Technical Details

 * {@code jcifs.smb1.smb1.client.domain} or {@code jcifs.smb1.http.domainController}
 * properties are be specified. <b>With later containers the
 * {@code NtlmHttpFilter} should be used</b>. For custom NTLM HTTP Authentication schemes the {@code NtlmSsp} may be used.
 *
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> related information.
 */

 * Fix: Drop `Content-Length` header when redirected from POST to GET.
 * Fix: Correctly read cached header entries with malformed header names.
 * Fix: Do not directly support any authentication schemes other than "Basic".
 * Fix: Respect read timeouts on recycled connections.
 * Fix: Transmit multiple cookie values as a single header with delimiter.
 * Fix: Ensure `null` is never returned from a connection's `getHeaderFields()`.

 * {@code jcifs.smb.client.domain} or {@code jcifs.http.domainController}
 * properties are be specified. <b>With later containers the
 * {@code NtlmHttpFilter} should be used</b>. For custom NTLM HTTP Authentication schemes the {@code NtlmSsp} may be
 * used.
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> related
 * information.
 *
 * @deprecated NTLMv1 only
 */