🐛 0.120.3 breaks `SecurityBase` based dependencies in OpenAPI

Edit: Added as an issue for completeness and history.

### Discussed in https://github.com/fastapi/fastapi/discussions/14263

<div type='discussions-op-text'>

<sup>Originally posted by **oldfielj-ansto** October 31, 2025</sup>
### First Check

- [X] I added a very descriptive title here.
- [X] I used the GitHub search to find a similar question and didn't find it.
- [X] I searched the FastAPI documentation, with the integrated search.
- [X] I already searched in Google "How to X in FastAPI" and didn't find any information.
- [X] I already read and followed all the tutorial in the docs and didn't find an answer.
- [X] I already checked if it is not related to FastAPI but to [Pydantic](https://github.com/pydantic/pydantic).
- [X] I already checked if it is not related to FastAPI but to [Swagger UI](https://github.com/swagger-api/swagger-ui).
- [X] I already checked if it is not related to FastAPI but to [ReDoc](https://github.com/Redocly/redoc).

### Commit to Help

- [X] I commit to help with one of those options 👆

### Example Code

```python
from uvicorn import run
from fastapi import FastAPI, Depends
from fastapi.security import OpenIdConnect


_oidc = OpenIdConnect(
    openIdConnectUrl="https://localhost/auth/realms/test/.well-known/openid-configuration",
)

app = FastAPI(
    title="My Application",
    docs_url="/swagger",
    redoc_url="/docs",
    openapi_url="/openapi.json",
    dependencies=(Depends(_oidc),),
)


@app.get("/")
async def hello_world():
    return {"Hello": "World"}


if __name__ == "__main__":
    run(app=app, port=8080)
```


### Description

# Under FastAPI **0.120.2**

* Run the example code and navigate to [http://localhost:8080/swagger](http://localhost:8080/swagger)
* Notice that the green "Authorize" button is present and user can choose to authenticate a session, padlock icon is also present on root endpoint.
* Calling the endpoint normally without user being authorized, results in expected 403 status.

# Under FastAPI **0.120.3**

* Run the example code and navigate to [http://localhost:8080/swagger](http://localhost:8080/swagger)
* Notice that the green "Authorize" button is missing and user cannot choose to authenticate a session, padlock icon is also missing on root endpoint.
* Calling the endpoint normally without user being authorized, results in expected 403 status.

As well as testing `Depends` I have tested with `Security` to declare the dependency, which results in the same behavior.

What I'd expect is that FastAPI **0.120.3** displays consistent behavior with FastAPI **0.120.2**, when defining a security dependency, and that the "Authorize" button and padlock icon on the root endpoint would be displayed in the auto generated Swagger documentation.

It would seem that in **0.120.3**, the security section of the generated `openapi.json` file is omitted.

## Under FastAPI **0.120.2**
```json
{
  "openapi": "3.1.0",
  "info": {
    "title": "My Application",
    "version": "0.1.0"
  },
  "paths": {
    "/": {
      "get": {
        "summary": "Hello World",
        "operationId": "hello_world__get",
        "responses": {
          "200": {
            "description": "Successful Response",
            "content": {
              "application/json": {
                "schema": {}
              }
            }
          }
        },
        "security": [
          {
            "OpenIdConnect": []
          }
        ]
      }
    }
  },
  "components": {
    "securitySchemes": {
      "OpenIdConnect": {
        "type": "openIdConnect",
        "openIdConnectUrl": "https://localhost/auth/realms/test/.well-known/openid-configuration"
      }
    }
  }
}
```

## Under FastAPI **0.120.3**
```json
{
  "openapi": "3.1.0",
  "info": {
    "title": "My Application",
    "version": "0.1.0"
  },
  "paths": {
    "/": {
      "get": {
        "summary": "Hello World",
        "operationId": "hello_world__get",
        "responses": {
          "200": {
            "description": "Successful Response",
            "content": {
              "application/json": {
                "schema": {}
              }
            }
          }
        }
      }
    }
  }
}
```

If this behavior is expected, and I'm doing something wrong here, please let me know.

Thank you.

### Operating System

Linux

### Operating System Details

Ubuntu 24.04

### FastAPI Version

0.120.3

### Pydantic Version

2.12.3

### Python Version

Python 3.13.8

### Additional Context

# Swagger UI - FastAPI **0.120.2**

<img width="2494" height="1408" alt="Screenshot from 2025-10-31 11-02-46" src="https://github.com/user-attachments/assets/4d539328-3e2b-4277-8c00-bc1a4be49b93" />

# Swagger UI - FastAPI **0.120.3**

<img width="2494" height="1408" alt="Screenshot from 2025-10-31 11-03-47" src="https://github.com/user-attachments/assets/0a3df14e-5765-4b6e-8b91-b2709eba9bfe" />
</div>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

🐛 0.120.3 breaks `SecurityBase` based dependencies in OpenAPI #14271

Discussed in #14263

First Check

Commit to Help

Example Code

Description

Under FastAPI 0.120.2

Under FastAPI 0.120.3

Under FastAPI 0.120.2

Under FastAPI 0.120.3

Operating System

Operating System Details

FastAPI Version

Pydantic Version

Python Version

Additional Context

Swagger UI - FastAPI 0.120.2

Swagger UI - FastAPI 0.120.3

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

🐛 0.120.3 breaks SecurityBase based dependencies in OpenAPI #14271

Description

Discussed in #14263

First Check

Commit to Help

Example Code

Description

Under FastAPI 0.120.2

Under FastAPI 0.120.3

Under FastAPI 0.120.2

Under FastAPI 0.120.3

Operating System

Operating System Details

FastAPI Version

Pydantic Version

Python Version

Additional Context

Swagger UI - FastAPI 0.120.2

Swagger UI - FastAPI 0.120.3

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

🐛 0.120.3 breaks `SecurityBase` based dependencies in OpenAPI #14271