From 4e42746da4e5d1c2a64ab2dc3358cb5cbc86186b Mon Sep 17 00:00:00 2001 From: Patrice Krakow Date: Thu, 5 Dec 2019 04:59:57 +0100 Subject: [PATCH] Fix 'Security Scheme Object' definition with OAuth 2.0 grant types. (#2006) Signed-off-by: Mike Ralphson --- versions/3.1.0.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/versions/3.1.0.md b/versions/3.1.0.md index 019c779d5f..1ab23dcd70 100644 --- a/versions/3.1.0.md +++ b/versions/3.1.0.md @@ -3158,7 +3158,8 @@ animals: #### Security Scheme Object Defines a security scheme that can be used by the operations. -Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, application and access code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html). + +Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06). Please note that currently (2019) the implicit flow is about to be deprecated [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/id/draft-ietf-oauth-security-topics). Recommended for most use case is Authorization Code Grant flow with PKCE. ##### Fixed Fields
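Review bot: In the added "Supported schemes" line, the link labelled "OpenID Connect Discovery" points at draft-ietf-oauth-discovery-06, an IETF OAuth working-group draft, while the removed line linked to the OpenID Connect specification on openid.net; the label and the target should agree. If OpenID Connect Discovery is what the scheme relies on, link to that specification on openid.net. The same line also appends a time-bound advisory to the definition text: "currently (2019) the implicit flow is about to be deprecated" will age badly in a versioned specification, and the Best Current Practice link follows "deprecated" with no connecting word. The last sentence, "Recommended for most use case is Authorization Code Grant flow with PKCE", is ungrammatical and leaves PKCE unexpanded and unlinked. Suggest moving the advisory into its own paragraph after the list of schemes, and rewording it along the lines of "The implicit flow is about to be deprecated by the OAuth 2.0 Security Best Current Practice. The Authorization Code Grant flow with PKCE is recommended for most use cases."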