Support to generate OpenAPI schema for custom security type

[woostundy]

First check

• I added a very descriptive title to this issue.
• I used the GitHub search to find a similar issue and didn't find it.
• I searched the FastAPI documentation, with the integrated search.
• I already searched in Google "How to X in FastAPI" and didn't find any information.
• I already read and followed all the tutorial in the docs and didn't find an answer.
• I already checked if it is not related to FastAPI but to Pydantic.
• I already checked if it is not related to FastAPI but to Swagger UI.
• I already checked if it is not related to FastAPI but to ReDoc.
• After submitting this, I commit to:
  • Read open issues with questions until I find 2 issues where I can help someone and add a comment to help there.
  • Or, I already hit the "watch" button in this repository to receive notifications and I commit to help at least 2 people that ask questions in the future.
  • Implement a Pull Request for a confirmed bug.

Example

Here's a self-contained minimal, reproducible, example with my use case:

from fastapi import Depends
from fastapi.security.api_key import APIKeyBase
from fastapi.openapi.models import APIKey, APIKeyIn

class HMACModel(BaseModel):
    api_key: APIKey = APIKey(**{"in": APIKeyIn.header}, name='Api-Key')
    signature: APIKey = APIKey(**{"in": APIKeyIn.header}, name='Signature')


class HMACAuth(APIKeyBase):
    model = HMACModel()
    scheme_name = 'HMACAuth'

async def __call__(self, request: Request):
    api_key = request.headers.get('Api-Key')
    signature = request.headers.get('Signature')
    print('check signature...')
    return api_key

@app.get('/')
async def test(auth=Depends(HMACAuth())):
    return ''

Description

I define a custom security which has two APIKeys in header by the code above.
It can be analysis in fastapi/openapi/utils.py->get_openapi_path and get the correct output.
But when it be pass into the OpenAPI object, the security field turn into HTTPBearer type.
So the authentication part of docs is generated like that, but not my schema:

Security Scheme Type	HTTP
HTTP Authorization Scheme	bearer

The solution you would like

Support custom security schema or give some way to solve it.
We need more best practices example in tutorial.

Environment

• macOS

• FastAPI Version [0.52.0]:

• Python version:
  3.7.5

Thanks.

[woostundy]

I find that it may be a flaw of OpenAPI.
Custom security types are not supported in OpenAPI, too. The solution of "mutiple api keys" in OpenAPI is define mutiple "ApiKeys" security sheme, and make them work together in path operation's security. It's weird and hard to describe in ONE security model of FastAPI.

related issue: OpenAPI-Specification/issues/2292