📝 Update release notes and OAuth2 scopes docs

docs/release-notes.md

@@ -1,5 +1,13 @@
 ## Next release
 
+* Improve/upgrade OAuth2 scopes support with `SecurityScopes`:
+    * `SecurityScopes` can be declared as a parameter like `Request`, to get the scopes of all super-dependencies/dependants.
+    * Improve `Security` handling, merging scopes when declaring `SecurityScopes`.
+    * Allow using `SecurityBase` (like `OAuth2`) classes with `Depends` and still document them. `Security` now is needed only to declare `scopes`.
+    * Updated docs about: <a href="https://fastapi.tiangolo.com/tutorial/security/oauth2-jwt/" target="_blank">OAuth2 with Password (and hashing), Bearer with JWT tokens</a>.
+    * New docs about: <a href="https://fastapi.tiangolo.com/tutorial/security/oauth2-scopes/" target="_blank">OAuth2 scopes</a>.
+    * PR <a href="https://github.com/tiangolo/fastapi/pull/141" target="_blank">#141</a>.
+
 ## 0.12.1
 
 * Fix bug: handling additional `responses` in `APIRouter.include_router()`. PR <a href="https://github.com/tiangolo/fastapi/pull/140" target="_blank">#140</a>.

docs/tutorial/security/oauth2-scopes.md

@@ -1,6 +1,6 @@
 You can use OAuth2 scopes directly with **FastAPI**, they are integrated to work seamlessly.
 
-This would allow you to have a more fine-grained permission system, following standards like OAuth2, integrated into your OpenAPI application (and the API docs).
+This would allow you to have a more fine-grained permission system, following the OAuth2 standard, integrated into your OpenAPI application (and the API docs).
 
 OAuth2 with scopes is the mechanism used by many big authentication providers, like Facebook, Google, GitHub, Microsoft, Twitter, etc. They use it to provide specific permissions to users and applications.