```

Testing with an example
> Visit [Google Developer Console](https://console.cloud.google.com) under Project, APIs, Credentials to get your OAuth2 client credentials. Add `http://localhost:8080/oauth2/callback` as a valid OAuth2 Redirect URL.

```
$ go run web-identity.go -cid 204367807228-ok7601k6gj1pgge7m09h7d79co8p35xx.apps.googleusercontent.com -csec XsT_PgPdT1nO9DD45rMLJw7G

/// tip | Tipp

Die *Pfadoperation* für `swagger_ui_redirect` ist ein Hilfsmittel bei der Verwendung von OAuth2.

Wenn Sie Ihre API mit einem OAuth2-Anbieter integrieren, können Sie sich authentifizieren und mit den erworbenen Anmeldeinformationen zur API-Dokumentation zurückkehren. Und mit ihr interagieren, die echte OAuth2-Authentifizierung verwendend.

Swagger UI erledigt das hinter den Kulissen für Sie, benötigt aber diesen „Umleitungs“-Helfer.

/// tip

The *path operation* for `swagger_ui_redirect` is a helper for when you use OAuth2.

If you integrate your API with an OAuth2 provider, you will be able to authenticate and come back to the API docs with the acquired credentials. And interact with it using the real OAuth2 authentication.

Swagger UI will handle it behind the scenes for you, but it needs this "redirect" helper.

///

* media type: media type (do not translate to "tipo de medio")
* instantiate: crear un instance (do not translate to "instanciar")
* OAuth2 Scopes: Scopes de OAuth2 (do not translate to "Alcances de OAuth2")
* on the fly: sobre la marcha (do not translate to "al vuelo")
* terminal: terminal (femenine, as in "la terminal")
* terminals: terminales (plural femenine, as in "las terminales")

```

Example:

```
curl -u PoEgXP6uVO45IsENRngDXj5Au5Ya:eKsw6z8CtOJVBtrOWvhRWL4TUCga -k -d "grant_type=client_credentials" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
```

In response, the self-contained JWT id_token will be returned as shown below.

```
{

    /** OAuth2 state parameter name. */
    protected static final String STATE = "state";

    /** OAuth2 error parameter name. */
    protected static final String ERROR = "error";

    /** OAuth2 error description parameter name. */
    protected static final String ERROR_DESCRIPTION = "error_description";

    /** OAuth2 error URI parameter name. */

    - Security:
      - tutorial/security/index.md
      - tutorial/security/first-steps.md
      - tutorial/security/get-current-user.md
      - tutorial/security/simple-oauth2.md
      - tutorial/security/oauth2-jwt.md
    - tutorial/middleware.md
    - tutorial/cors.md
    - tutorial/sql-databases.md
    - tutorial/bigger-applications.md
    - tutorial/background-tasks.md
    - tutorial/metadata.md

token_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token"

# callback url specified when the application was defined
callback_uri = "http://localhost:8000/oauth2/callback"

# keycloak id and secret
client_id = 'account'
client_secret = 'daaa3008-80f0-40f7-80d7-e15167531ff0'

sts_client = boto3.client(
    'sts',
    region_name='us-east-1',
    use_ssl=False,

```

::: fastapi.Depends

## `Security()`

For many scenarios, you can handle security (authorization, authentication, etc.) with dependencies, using `Depends()`.

But when you want to also declare OAuth2 scopes, you can use `Security()` instead of `Depends()`.

You can import `Security()` directly from `fastapi`:

```python
from fastapi import Security
```

Підтримуються всі схеми безпеки OpenAPI, включаючи:

* HTTP Basic.
* **OAuth2** (також із підтримкою **JWT-токенів**). Див. підручник: [OAuth2 із JWT](tutorial/security/oauth2-jwt.md){.internal-link target=_blank}.
* Ключі API в:
    * Заголовках.
    * Параметрах запиту.
    * Cookies тощо.