diff --git a/tests/test_security_oauth2_authorization_code_bearer_scopes_openapi.py b/tests/test_security_oauth2_authorization_code_bearer_scopes_openapi.py
index 5c520f9ca..644df8de6 100644
--- a/tests/test_security_oauth2_authorization_code_bearer_scopes_openapi.py
+++ b/tests/test_security_oauth2_authorization_code_bearer_scopes_openapi.py
@@ -2,7 +2,7 @@
 
 from typing import Optional
 
-from fastapi import FastAPI, Security
+from fastapi import APIRouter, FastAPI, Security
 from fastapi.security import OAuth2AuthorizationCodeBearer
 from fastapi.testclient import TestClient
 from inline_snapshot import snapshot
@@ -17,16 +17,45 @@ oauth2_scheme = OAuth2AuthorizationCodeBearer(
 app = FastAPI(dependencies=[Security(oauth2_scheme)])
 
 
-@app.get("/items/")
-async def read_items(token: Optional[str] = Security(oauth2_scheme, scopes=["read"])):
+@app.get("/")
+async def root():
+    return {"message": "Hello World"}
+
+
+router = APIRouter(dependencies=[Security(oauth2_scheme, scopes=["read"])])
+
+
+@router.get("/items/")
+async def read_items(token: Optional[str] = Security(oauth2_scheme)):
     return {"token": token}
 
 
+@router.post("/items/")
+async def create_item(
+    token: Optional[str] = Security(oauth2_scheme, scopes=["read", "write"]),
+):
+    return {"token": token}
+
+
+app.include_router(router)
+
 client = TestClient(app)
 
 
-def test_token():
-    response = client.get("/items", headers={"Authorization": "Bearer testtoken"})
+def test_root():
+    response = client.get("/", headers={"Authorization": "Bearer testtoken"})
+    assert response.status_code == 200, response.text
+    assert response.json() == {"message": "Hello World"}
+
+
+def test_read_token():
+    response = client.get("/items/", headers={"Authorization": "Bearer testtoken"})
+    assert response.status_code == 200, response.text
+    assert response.json() == {"token": "testtoken"}
+
+
+def test_create_token():
+    response = client.post("/items/", headers={"Authorization": "Bearer testtoken"})
     assert response.status_code == 200, response.text
     assert response.json() == {"token": "testtoken"}
 
@@ -39,6 +68,19 @@ def test_openapi_schema():
             "openapi": "3.1.0",
             "info": {"title": "FastAPI", "version": "0.1.0"},
             "paths": {
+                "/": {
+                    "get": {
+                        "summary": "Root",
+                        "operationId": "root__get",
+                        "responses": {
+                            "200": {
+                                "description": "Successful Response",
+                                "content": {"application/json": {"schema": {}}},
+                            }
+                        },
+                        "security": [{"OAuth2AuthorizationCodeBearer": []}],
+                    }
+                },
                 "/items/": {
                     "get": {
                         "summary": "Read Items",
@@ -52,8 +94,21 @@ def test_openapi_schema():
                         "security": [
                             {"OAuth2AuthorizationCodeBearer": ["read"]},
                         ],
-                    }
-                }
+                    },
+                    "post": {
+                        "summary": "Create Item",
+                        "operationId": "create_item_items__post",
+                        "responses": {
+                            "200": {
+                                "description": "Successful Response",
+                                "content": {"application/json": {"schema": {}}},
+                            }
+                        },
+                        "security": [
+                            {"OAuth2AuthorizationCodeBearer": ["read", "write"]},
+                        ],
+                    },
+                },
             },
             "components": {
                 "securitySchemes": {