diff --git a/fastapi/param_functions.py b/fastapi/param_functions.py
index b3621626c..e44ce4f70 100644
--- a/fastapi/param_functions.py
+++ b/fastapi/param_functions.py
@@ -2295,7 +2295,8 @@ def Security(  # noqa: N802
         Doc(
             """
             OAuth2 scopes required for the *path operation* that uses this Security
-            dependency.
+            dependency. If a string is given, the list of scopes will have only one scope
+            defined by the string value.
 
             The term "scope" comes from the OAuth2 specification, it seems to be
             intentionally vague and interpretable. It normally refers to permissions,
diff --git a/fastapi/params.py b/fastapi/params.py
index 8f5601dd3..b18a3f064 100644
--- a/fastapi/params.py
+++ b/fastapi/params.py
@@ -783,4 +783,7 @@ class Security(Depends):
         use_cache: bool = True,
     ):
         super().__init__(dependency=dependency, use_cache=use_cache)
-        self.scopes = scopes or []
+        if isinstance(scopes, str):
+            self.scopes: Sequence[str] = [scopes]
+        else:
+            self.scopes = scopes or []
diff --git a/tests/test_security_oauth2_scopes.py b/tests/test_security_oauth2_scopes.py
new file mode 100644
index 000000000..3711d6556
--- /dev/null
+++ b/tests/test_security_oauth2_scopes.py
@@ -0,0 +1,53 @@
+from typing import List
+
+from fastapi import FastAPI, Security
+from fastapi.params import Depends
+from fastapi.security import OAuth2PasswordBearer
+from fastapi.security.oauth2 import SecurityScopes
+from fastapi.testclient import TestClient
+
+app = FastAPI()
+
+oauth2_scheme = OAuth2PasswordBearer(
+    tokenUrl="token",
+    scopes={"me": "Read information about the current user.", "items": "Read items."},
+)
+
+
+def get_security_scopes(
+    security_scopes: SecurityScopes, token=Depends(oauth2_scheme)
+) -> List[str]:
+    return security_scopes.scopes
+
+
+@app.get("/me")
+async def read_single_scope(
+    current_scope=Security(get_security_scopes, scopes="me"),
+):
+    return {"scopes": current_scope}
+
+
+@app.get("/me-and-items")
+async def read_multiple_scopes(
+    current_scope=Security(get_security_scopes, scopes=["me", "items"]),
+):
+    return {"scopes": current_scope}
+
+
+client = TestClient(app)
+
+
+def test_single_scope_string():
+    response = client.get("/me", headers={"Authorization": "Bearer sometoken"})
+
+    assert response.status_code == 200
+    assert response.json() == {"scopes": ["me"]}
+
+
+def test_list_scopes():
+    response = client.get(
+        "/me-and-items", headers={"Authorization": "Bearer sometoken"}
+    )
+
+    assert response.status_code == 200
+    assert response.json() == {"scopes": ["me", "items"]}