diff --git a/composer.json b/composer.json
index 99f8872..0d90f2a 100644
--- a/composer.json
+++ b/composer.json
@@ -9,8 +9,8 @@
         }
     ],
     "require": {
-        "php": ">=7.0",
-        "phpdocumentor/reflection-docblock": "^4.3",
+        "php": ">=7.1",
+        "phpdocumentor/reflection-docblock": "^4.3 || ^5.0",
         "justinrainbow/json-schema": "^5.2"
     },
     "require-dev": {
diff --git a/src/ApiInterface.php b/src/ApiInterface.php
index dfc22e3..cc62577 100644
--- a/src/ApiInterface.php
+++ b/src/ApiInterface.php
@@ -9,11 +9,17 @@
  */
 interface ApiInterface
 {
+    /**
+     * @return mixed
+     */
     public static function parameters();
 
+    /**
+     * @return mixed
+     */
     public static function requestBody();
 
-    public static function responses();
+    public static function responses(): array;
 
-    public static function permissions();
+    public static function permissions(): array;
 }
diff --git a/src/DocGenerator.php b/src/DocGenerator.php
index c10610f..691a312 100644
--- a/src/DocGenerator.php
+++ b/src/DocGenerator.php
@@ -2,10 +2,12 @@
 
 namespace rethink\typedphp;
 
-use ReflectionClass;
 use InvalidArgumentException;
-use phpDocumentor\Reflection\DocBlockFactory;
 use phpDocumentor\Reflection\DocBlock;
+use phpDocumentor\Reflection\DocBlockFactory;
+use ReflectionClass;
+use rethink\typedphp\security\ScopeInterface;
+use const PREG_SPLIT_NO_EMPTY;
 
 /**
  * Class DocGenerator
@@ -63,6 +65,7 @@ public function buildApiObject($apiClass)
             'operationId' => $this->getStaticProperty($class, 'op'),
             'parameters' => $parameters ? $this->parser->parse($parameters) : [],
             'responses' => (object)$this->buildResponses($apiClass, $class),
+            'security' => $this->buildSecurity($apiClass),
         ];
 
         if ($bodyDefinition = $this->buildRequestBody($apiClass, $class)) {
@@ -120,17 +123,75 @@ private function parseContentType(\ReflectionClass $class)
             $docblock = DocBlockFactory::createInstance()->create($comment);
             $tags = $docblock->getTagsByName('content-type');
             if (count($tags)) {
-                return trim((string) $tags[0]->getDescription());
+                return trim((string)$tags[0]->getDescription());
             }
         }
         return null;
     }
 
+    /**
+     * @param $apiClass
+     * @return array
+     * @link https://spec.openapis.org/oas/v3.0.1#security-requirement-object
+     */
+    protected function buildSecurity($apiClass): array
+    {
+        if (method_exists($apiClass, 'scopes') === false) {
+            return [];
+        }
+
+        $scopes = $apiClass::scopes();
+
+        // supported format:
+        // 1. Scope
+        // 2. [Scope1, Scope2] AND relation
+        // 3. [[Scope1, Scope2], [Scope3, Scope4]] OR relation
+
+        // only 1 scope
+        if ($scopes instanceof ScopeInterface) {
+            return [
+                [
+                    $scopes->schemeName() => [
+                        $scopes->name(),
+                    ],
+                ]
+            ];
+        }
+
+        if (is_array($scopes)) {
+            // multiple scopes with AND relation
+            if (current($scopes) instanceof ScopeInterface) {
+                return [
+                    $this->buildForAndScopes(...$scopes)
+                ];
+            }
+            // multiple scopes with OR relation
+            if (is_array(current($scopes))) {
+                $security = [];
+                foreach ($scopes as $scope) {
+                    $security[] = $this->buildForAndScopes(...$scope);
+                }
+                return $security;
+            }
+        }
+
+        throw new InvalidArgumentException('Invalid scopes definition.');
+    }
+
+    protected function buildForAndScopes(ScopeInterface ...$scopes): array
+    {
+        $result = [];
+        foreach ($scopes as $scope) {
+            $result[$scope->schemeName()][] = $scope->name();
+        }
+        return $result;
+    }
+
     protected function buildResponses($apiClass, \ReflectionClass $class)
     {
         $responses = [];
 
-        foreach ($apiClass::responses() as $code => $responseDefinition)  {
+        foreach ($apiClass::responses() as $code => $responseDefinition) {
 
             if ($responseDefinition !== null) {
                 $responses[$code] = [
@@ -186,6 +247,58 @@ public function generate()
         return [
             'paths' => (object)$this->buildPathsObject(),
             'schemas' => (object)$this->parser->getSchemas(),
+            'securitySchemes' => (object)$this->buildSecuritySchemes(),
         ];
     }
+
+    /**
+     * @return array
+     * @link https://spec.openapis.org/oas/v3.0.1#security-scheme-object
+     */
+    protected function buildSecuritySchemes(): array
+    {
+        $scopes = [];
+        foreach ($this->apiClasses as $apiClass) {
+            if (method_exists($apiClass, 'scopes')) {
+                $scopes[] = $this->collectScopes($apiClass::scopes());
+            }
+        }
+        $scopes = array_merge([], ...$scopes);
+
+        $securitySchemes = [];
+        /** @var ScopeInterface $scope */
+        foreach ($scopes as $scope) {
+            if (isset($securitySchemes[$scope->schemeName()])) {
+                $securitySchemes[$scope->schemeName()]['flows']['clientCredentials']['scopes'][$scope->name()] = $scope->description();
+            } else {
+                $securitySchemes[$scope->schemeName()] = [
+                    'type' => 'oauth2',
+                    'flows' => [
+                        'clientCredentials' => [
+                            'tokenUrl' => '',
+                            'scopes' => [
+                                $scope->name() => $scope->description(),
+                            ],
+                        ],
+                    ],
+                ];
+            }
+        }
+        return $securitySchemes;
+    }
+
+    protected function collectScopes($scopes): array
+    {
+        if ($scopes instanceof ScopeInterface) {
+            return [$scopes];
+        }
+        if (is_array($scopes)) {
+            $result = [];
+            foreach ($scopes as $scope) {
+                $result[] = $this->collectScopes($scope);
+            }
+            return array_merge([], ...$result);
+        }
+        throw new InvalidArgumentException('Invalid scopes definition.');
+    }
 }
diff --git a/src/InputValidator.php b/src/InputValidator.php
index 1614dc4..664f121 100644
--- a/src/InputValidator.php
+++ b/src/InputValidator.php
@@ -3,7 +3,9 @@
 namespace rethink\typedphp;
 
 use JsonSchema\Constraints\Constraint;
+use JsonSchema\Constraints\Factory;
 use JsonSchema\Validator;
+use rethink\typedphp\constraints\TypeConstraint;
 
 /**
  * Class InputValidator
@@ -37,8 +39,11 @@ protected function validateInternal($definition, $data, &$result)
         }
 
         $schema = $definition['schema'];
+        
+        $factory = new Factory();
+        $factory->setConstraintClass('type', TypeConstraint::class);
 
-        $validator = new Validator();
+        $validator = new Validator($factory);
 
         $result = $data[$definition['name']];
 
diff --git a/src/TypeParser.php b/src/TypeParser.php
index a745916..65aefae 100644
--- a/src/TypeParser.php
+++ b/src/TypeParser.php
@@ -314,16 +314,28 @@ protected function parseMap(string $definition): array
 
     protected function parseString($definition)
     {
+        static $cached = [];
         $newDefinition = trim($definition, '?');
+
+        $key = $definition;
+        if (is_subclass_of($newDefinition, MapType::class)) {
+            $key = $newDefinition;
+        }
+
+        if (isset($cached[$key])) {
+            return $cached[$key];
+        }
+
         if (is_subclass_of($newDefinition, ProductType::class)) {
-            return $this->parseObject($definition);
+            $cached[$key] = $this->parseObject($definition);
         } elseif (is_subclass_of($newDefinition, SumType::class)) {
-            return $this->parseEnum($definition);
+            $cached[$key]=  $this->parseEnum($definition);
         } elseif (is_subclass_of($newDefinition, MapType::class)) {
-            return $this->parseMap($newDefinition);
+            $cached[$key] = $this->parseMap($newDefinition);
         } else {
-            return $this->parseScalar($definition);
+            $cached[$key] = $this->parseScalar($definition);
         }
+        return $cached[$key];
     }
 
     /**
diff --git a/src/constraints/TypeConstraint.php b/src/constraints/TypeConstraint.php
new file mode 100644
index 0000000..45cd833
--- /dev/null
+++ b/src/constraints/TypeConstraint.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace rethink\typedphp\constraints;
+
+use JsonSchema\Constraints\Factory;
+
+class TypeConstraint extends \JsonSchema\Constraints\TypeConstraint
+{
+    protected function toBoolean($value)
+    {
+        if ($value === 1 || $value === '1') {
+            return true;
+        } elseif ($value === 0 || $value === '0') {
+            return false;
+        } else {
+            return parent::toBoolean($value);
+        }
+    }
+}
diff --git a/src/security/ScopeInterface.php b/src/security/ScopeInterface.php
new file mode 100644
index 0000000..baa3670
--- /dev/null
+++ b/src/security/ScopeInterface.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace rethink\typedphp\security;
+
+interface ScopeInterface
+{
+    public function name(): string;
+
+    public function description(): string;
+
+    public function schemeName(): string;
+
+    public function security(): ?SecurityScheme;
+}
diff --git a/src/security/SecurityScheme.php b/src/security/SecurityScheme.php
new file mode 100644
index 0000000..7a79863
--- /dev/null
+++ b/src/security/SecurityScheme.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace rethink\typedphp\security;
+
+interface SecurityScheme
+{
+    // for now, we only support the default security schema
+    //
+    // {
+    //   type: oauth2
+    //   flows: {
+    //     clientCredentials: {
+    //       tokenUrl: "https://example.com/oauth/token"
+    //       scopes: {
+    //         read: "Grants read access" // scopes loaded from ScopeInterface
+    //       }
+    //     }
+    //   }
+}
diff --git a/tests/TypeTest.php b/tests/TypeTest.php
index 5a2595e..682f6c2 100644
--- a/tests/TypeTest.php
+++ b/tests/TypeTest.php
@@ -641,6 +641,121 @@ public function testTypeToArrayWithRef($type, $expect, $schema)
     public function inputDataCases()
     {
         return [
+            // cast integer to bool values
+            [
+                [
+                    'query' => ['a' => '1'],
+                ],
+                [
+                    [
+                        'name' => 'a',
+                        'in' => 'query',
+                        'required' => true,
+                        'schema' => [
+                            'type' => 'boolean',
+                        ],
+                    ],
+                ],
+                [],
+                [
+                    'query' => ['a' => true],
+                ],
+            ],
+            [
+                [
+                    'query' => ['a' => '0'],
+                ],
+                [
+                    [
+                        'name' => 'a',
+                        'in' => 'query',
+                        'required' => true,
+                        'schema' => [
+                            'type' => 'boolean',
+                        ],
+                    ],
+                ],
+                [],
+                [
+                    'query' => ['a' => false],
+                ],
+            ],
+            [
+                [
+                    'query' => ['a' => 1],
+                ],
+                [
+                    [
+                        'name' => 'a',
+                        'in' => 'query',
+                        'required' => true,
+                        'schema' => [
+                            'type' => 'boolean',
+                        ],
+                    ],
+                ],
+                [],
+                [
+                    'query' => ['a' => true],
+                ],
+            ],
+            [
+                [
+                    'query' => ['a' => 0],
+                ],
+                [
+                    [
+                        'name' => 'a',
+                        'in' => 'query',
+                        'required' => true,
+                        'schema' => [
+                            'type' => 'boolean',
+                        ],
+                    ],
+                ],
+                [],
+                [
+                    'query' => ['a' => false],
+                ],
+            ],
+            [
+                [
+                    'query' => ['a' => 'true'],
+                ],
+                [
+                    [
+                        'name' => 'a',
+                        'in' => 'query',
+                        'required' => true,
+                        'schema' => [
+                            'type' => 'boolean',
+                        ],
+                    ],
+                ],
+                [],
+                [
+                    'query' => ['a' => true],
+                ],
+            ],
+            [
+                [
+                    'query' => ['a' => 'false'],
+                ],
+                [
+                    [
+                        'name' => 'a',
+                        'in' => 'query',
+                        'required' => true,
+                        'schema' => [
+                            'type' => 'boolean',
+                        ],
+                    ],
+                ],
+                [],
+                [
+                    'query' => ['a' => false],
+                ],
+            ],
             // missing required input field
             [
                 [