# Security Tools

When you need to declare dependencies with OAuth2 scopes you use `Security()`.

But you still need to define what is the dependable, the callable that you pass as a parameter to `Depends()` or `Security()`.

There are multiple tools that you can use to create those dependables, and they get integrated into OpenAPI so they are shown in the automatic docs UI, they can be used by automatically generated clients and SDKs, etc.

        assertTrue(baseScore > 0);

        // Active channel should have lower score (busy penalty)
        channelInfo.setState(ChannelState.ACTIVE);
        int activeScore = channelInfo.getScore();
        assertTrue(activeScore < baseScore);

        // Failed channel should have zero score
        channelInfo.setState(ChannelState.FAILED);
        assertEquals(0, channelInfo.getScore());

    /** Logger instance for this class */
    private static final Logger logger = LogManager.getLogger(QueryFieldConfig.class);

    /** Field name for document score in search results */
    public static final String SCORE_FIELD = "score";

    /** Field name for OpenSearch document score */
    public static final String DOC_SCORE_FIELD = "_score";

    /** Field name for site information in search results */

<img src="/img/tutorial/security/image10.png">

/// note

Notice the header `Authorization`, with a value that starts with `Bearer `.

///

## Advanced usage with `scopes` { #advanced-usage-with-scopes }

OAuth2 has the notion of "scopes".

You can use them to add a specific set of permissions to a JWT token.

        resolutionErrorHandler.throwErrors(request, result);
        assertEquals(2, result.getArtifacts().size());

        //
        // System scoped version which should
        //
        d.setScope(Artifact.SCOPE_SYSTEM);
        File file = new File(getBasedir(), "src/test/repository-system/maven-core-2.1.0.jar");
        assertTrue(file.exists());

    mockWebServer.start(slackApi.port);
  }

  public HttpUrl newAuthorizeUrl(String scopes, String team, Listener listener) {
    if (mockWebServer == null) throw new IllegalStateException();

    ByteString state = randomToken();
    synchronized (this) {
      listeners.put(state, listener);
    }

    return slackApi.authorizeUrl(scopes, redirectUrl(), state, team);
  }

  private ByteString randomToken() {

```

::: fastapi.Depends

## `Security()`

For many scenarios, you can handle security (authorization, authentication, etc.) with dependencies, using `Depends()`.

But when you want to also declare OAuth2 scopes, you can use `Security()` instead of `Depends()`.

You can import `Security()` directly from `fastapi`:

```python
from fastapi import Security
```

/// note | Hinweis

Beachten Sie den Header `Authorization` mit einem Wert, der mit `Bearer` beginnt.

///

## Fortgeschrittene Verwendung mit `scopes`

OAuth2 hat ein Konzept von <abbr title="Geltungsbereiche">„Scopes“</abbr>.

Sie können diese verwenden, um einem JWT-Token einen bestimmten Satz von Berechtigungen zu übergeben.

<img src="/img/tutorial/security/image10.png">

/// note | Nota

Observa el header `Authorization`, con un valor que comienza con `Bearer `.

///

## Uso avanzado con `scopes`

OAuth2 tiene la noción de "scopes".

Puedes usarlos para agregar un conjunto específico de permisos a un token JWT.

	}

	if len(stmt.Joins) > 0 {
		newStmt.Joins = make([]join, len(stmt.Joins))
		copy(newStmt.Joins, stmt.Joins)
	}

	if len(stmt.scopes) > 0 {
		newStmt.scopes = make([]func(*DB) *DB, len(stmt.scopes))
		copy(newStmt.scopes, stmt.scopes)
	}

	stmt.Settings.Range(func(k, v interface{}) bool {
		newStmt.Settings.Store(k, v)
		return true
	})

	return newStmt
}