on:  `But why did they live at the bottom of a well?'

  `Take some more tea,' the March Hare said to Alice, very
earnestly.

  `I've had nothing yet,' Alice replied in an offended tone, `so
I can't take more.'

  `You mean you can't take LESS,' said the Hatter:  `it's very
easy to take MORE than nothing.'

  `Nobody asked YOUR opinion,' said Alice.

# Sub-dependencies { #sub-dependencies }

You can create dependencies that have **sub-dependencies**.

They can be as **deep** as you need them to be.

**FastAPI** will take care of solving them.

## First dependency "dependable" { #first-dependency-dependable }

You could create a first dependency ("dependable") like:

{* ../../docs_src/dependencies/tutorial005_an_py310.py hl[8:9] *}

        validator.addToBlacklist("\\share\\test");
        validator.addToWhitelist("\\share\\test");

        // Blacklist should take priority
        try {
            validator.validatePath("\\share\\test\\file.txt");
            fail("Blacklist should take priority over whitelist");
        } catch (SmbException e) {
            assertTrue(e.getMessage().contains("not allowed"));
        }
    }

An example could be that you have an external authentication provider that you need to call.

You send it a token and it returns an authenticated user.

This provider might be charging you per request, and calling it might take some extra time than if you had a fixed mock user for tests.

You probably want to test the external provider once, but not necessarily call it for every test that runs.

	DB.Delete(&users3[0].Account)

	if err := DB.Preload(clause.Associations).Take(&user4, "id = ?", users3[0].ID).Error; err != nil || user4.Account.ID != 0 {
		t.Errorf("failed to query, got error %v, account: %#v", err, user4.Account)
	}

	if err := DB.Preload(clause.Associations, func(tx *gorm.DB) *gorm.DB {
		return tx.Unscoped()
	}).Take(&user4, "id = ?", users3[0].ID).Error; err != nil || user4.Account.ID == 0 {

            // TODO Should this be changed for MNG-6754 too?
            snapshot.setTimestamp(getDeploymentTimestamp());

            // we update the build number anyway so that it doesn't get lost. It requires the timestamp to take effect
            try {
                int buildNumber = resolveLatestSnapshotBuildNumber(artifact, localRepository, remoteRepository);

                snapshot.setBuildNumber(buildNumber + 1);

    // We need to handle long logger names before they hit Log.
    // java.lang.IllegalArgumentException: Log tag "okhttp3.mockwebserver.MockWebServer" exceeds limit of 23 characters
    return knownLoggers[loggerName] ?: loggerName.take(23)
  }

  fun enable() {
    try {
      for ((logger, tag) in knownLoggers) {
        enableLogging(logger, tag)
      }
    } catch (re: RuntimeException) {

		f:      formatBZ2,
	},
}

type untarOptions struct {
	ignoreDirs bool
	ignoreErrs bool
	prefixAll  string
}

// disconnectReader will ensure that no reads can take place on
// the upstream reader after close has been called.
type disconnectReader struct {
	r  io.Reader
	mu sync.Mutex
}

func (d *disconnectReader) Read(p []byte) (n int, err error) {
	d.mu.Lock()

The security and dependency injection stuff is written once.

And you can make it as complex as you want. And still, have it written only once, in a single place. With all the flexibility.

But you can have thousands of endpoints (*path operations*) using the same security system.

And all of them (or any portion of them that you want) can take advantage of re-using these dependencies or any other dependencies you create.

///

## OpenID Connect { #openid-connect }

OpenID Connect is another specification, based on **OAuth2**.

It just extends OAuth2 specifying some things that are relatively ambiguous in OAuth2, to try to make it more interoperable.

For example, Google login uses OpenID Connect (which underneath uses OAuth2).

But Facebook login doesn't support OpenID Connect. It has its own flavor of OAuth2.