v3.0.3: Security Scheme, OAuthFlows examples do not validate against the spec

[stuartherbert]

The Security Scheme Object lists the following fields as REQUIRED:

• type
• name
• in
• scheme
• flows
• openIdConnectUrl

The majority of examples (in the same doc) that include SecurityScheme objects, however, are missing many of these fields.

I'm guessing this is a spec error, that whether or not these fields are required is based on the value of the Security Scheme object's type field? If that's correct, does the spec need updating to clarify when these fields are required?

There's a problem with the OAuth Flow Object, where tokenUrl is listed as a REQUIRED field, but is missing from the implicit flow of the inline examples. I'm guessing that this is related - another field that is only required depending on the flow type? If so, does the spec need updating to clarify that too?

[MikeRalphson]

This is the purpose of the "Applies To" column.

[stuartherbert]

@MikeRalphson thank you. Now you've pointed it out, it's obvious. It wasn't at all obvious until then, though.

[MikeRalphson]

Please feel free to suggest additional or alternative wording, though I think this is the first time this has come up.