From 08fca96b0120fce28e854981884c5e7556178cd7 Mon Sep 17 00:00:00 2001
From: Shilpa Padgaonkar <77152136+shilpa-padgaonkar@users.noreply.github.com>
Date: Sat, 24 Feb 2024 09:27:04 +0100
Subject: [PATCH 1/5] Fix incorrect OpenIDConnect discovery url

Fixes #3152

Signed-off-by: Henry H. Andrews <andrews_henry@yahoo.com>
---
 versions/3.2.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/versions/3.2.0.md b/versions/3.2.0.md
index f64b23114a..acc6d9698a 100644
--- a/versions/3.2.0.md
+++ b/versions/3.2.0.md
@@ -3399,7 +3399,7 @@ animals:
 
 Defines a security scheme that can be used by the operations.
 
-Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), OAuth2 device authorization flow as defined in [RFC8628](https://tools.ietf.org/html/rfc8628), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06).
+Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), OAuth2 device authorization flow as defined in [RFC8628](https://tools.ietf.org/html/rfc8628), and [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html).
 Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use case is Authorization Code Grant flow with PKCE.
 
 ##### Fixed Fields

From 79fe5bb697ad1f05d7a204db2ba5220ad33fe93a Mon Sep 17 00:00:00 2001
From: Shilpa Padgaonkar <77152136+shilpa-padgaonkar@users.noreply.github.com>
Date: Mon, 4 Mar 2024 10:20:24 +0100
Subject: [PATCH 2/5] changed ref and url -Update 3.2.0.md

Signed-off-by: Henry H. Andrews <andrews_henry@yahoo.com>
---
 versions/3.2.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/versions/3.2.0.md b/versions/3.2.0.md
index acc6d9698a..bd85f96603 100644
--- a/versions/3.2.0.md
+++ b/versions/3.2.0.md
@@ -3399,7 +3399,7 @@ animals:
 
 Defines a security scheme that can be used by the operations.
 
-Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), OAuth2 device authorization flow as defined in [RFC8628](https://tools.ietf.org/html/rfc8628), and [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html).
+Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), OAuth2 device authorization flow as defined in [RFC8628](https://tools.ietf.org/html/rfc8628), and [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html).
 Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use case is Authorization Code Grant flow with PKCE.
 
 ##### Fixed Fields

From c29b5e6a77754171c7fccf3dd74675a4f6cc6326 Mon Sep 17 00:00:00 2001
From: Matthias Mohr <matthias@mohr.ws>
Date: Fri, 19 Apr 2024 20:30:26 +0200
Subject: [PATCH 3/5] Clarify openIdConnectUrl #3630

---
 versions/3.2.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/versions/3.2.0.md b/versions/3.2.0.md
index bd85f96603..d5608a1a53 100644
--- a/versions/3.2.0.md
+++ b/versions/3.2.0.md
@@ -3412,7 +3412,7 @@ Field Name | Type | Applies To | Description
 <a name="securitySchemeScheme"></a>scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1).  The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml).  The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1).
 <a name="securitySchemeBearerFormat"></a>bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted.  Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes.
 <a name="securitySchemeFlows"></a>flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported.
-<a name="securitySchemeOpenIdConnectUrl"></a>openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL. The OpenID Connect standard requires the use of TLS.
+<a name="securitySchemeOpenIdConnectUrl"></a>openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenID Connect URL to discover the [OpenID Connect Configuration Information](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This MUST be in the form of a URL that points to the well-known document and ends with `/.well-known/openid-configuration`. The OpenID Connect standard requires the use of TLS.
 <a name="securitySchemeOauth2MetadataUrl"></a>oauth2MetadataUrl | `string` | `oauth2` | URL to the oauth2 authorization server metadata [RFC8414](https://datatracker.ietf.org/doc/html/rfc8414). TLS is required.
 <a name="securitySchemeDeprecated"></a>deprecated | `boolean` | Declares this security scheme to be deprecated. Consumers SHOULD refrain from usage of the declared scheme. Default value is `false`.
 

From 6270f8f0ddd65c4d3e17bafb2a75dae7bfdc659e Mon Sep 17 00:00:00 2001
From: Matthias Mohr <matthias@mohr.ws>
Date: Thu, 25 Apr 2024 21:54:06 +0200
Subject: [PATCH 4/5] Update versions/3.2.0.md

---
 versions/3.2.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/versions/3.2.0.md b/versions/3.2.0.md
index d5608a1a53..96c3f6f0ce 100644
--- a/versions/3.2.0.md
+++ b/versions/3.2.0.md
@@ -3412,7 +3412,7 @@ Field Name | Type | Applies To | Description
 <a name="securitySchemeScheme"></a>scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1).  The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml).  The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1).
 <a name="securitySchemeBearerFormat"></a>bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted.  Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes.
 <a name="securitySchemeFlows"></a>flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported.
-<a name="securitySchemeOpenIdConnectUrl"></a>openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. OpenID Connect URL to discover the [OpenID Connect Configuration Information](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This MUST be in the form of a URL that points to the well-known document and ends with `/.well-known/openid-configuration`. The OpenID Connect standard requires the use of TLS.
+<a name="securitySchemeOpenIdConnectUrl"></a>openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [OpenID Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
 <a name="securitySchemeOauth2MetadataUrl"></a>oauth2MetadataUrl | `string` | `oauth2` | URL to the oauth2 authorization server metadata [RFC8414](https://datatracker.ietf.org/doc/html/rfc8414). TLS is required.
 <a name="securitySchemeDeprecated"></a>deprecated | `boolean` | Declares this security scheme to be deprecated. Consumers SHOULD refrain from usage of the declared scheme. Default value is `false`.
 

From 14197c48a7f450b06dd24877090f714912883540 Mon Sep 17 00:00:00 2001
From: Matthias Mohr <matthias@mohr.ws>
Date: Sat, 27 Apr 2024 11:50:06 +0200
Subject: [PATCH 5/5] Update versions/3.2.0.md

---
 versions/3.2.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/versions/3.2.0.md b/versions/3.2.0.md
index 96c3f6f0ce..67d90142b5 100644
--- a/versions/3.2.0.md
+++ b/versions/3.2.0.md
@@ -3412,7 +3412,7 @@ Field Name | Type | Applies To | Description
 <a name="securitySchemeScheme"></a>scheme | `string` | `http` | **REQUIRED**. The name of the HTTP Authentication scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1).  The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml).  The value is case-insensitive, as defined in [RFC7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1).
 <a name="securitySchemeBearerFormat"></a>bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted.  Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes.
 <a name="securitySchemeFlows"></a>flows | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **REQUIRED**. An object containing configuration information for the flow types supported.
-<a name="securitySchemeOpenIdConnectUrl"></a>openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [OpenID Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
+<a name="securitySchemeOpenIdConnectUrl"></a>openIdConnectUrl | `string` | `openIdConnect` | **REQUIRED**. [Well-known URL](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) to discover the [OpenID provider metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
 <a name="securitySchemeOauth2MetadataUrl"></a>oauth2MetadataUrl | `string` | `oauth2` | URL to the oauth2 authorization server metadata [RFC8414](https://datatracker.ietf.org/doc/html/rfc8414). TLS is required.
 <a name="securitySchemeDeprecated"></a>deprecated | `boolean` | Declares this security scheme to be deprecated. Consumers SHOULD refrain from usage of the declared scheme. Default value is `false`.