diff --git a/versions/3.0.4.md b/versions/3.0.4.md index 5ef3e607af..a9bdbc82ab 100644 --- a/versions/3.0.4.md +++ b/versions/3.0.4.md @@ -2744,13 +2744,12 @@ The OpenAPI Specification allows combining and extending model definitions using `allOf` takes an array of object definitions that are validated *independently* but together compose a single object. While composition offers model extensibility, it does not imply a hierarchy between the models. -To support polymorphism, the OpenAPI Specification adds the `discriminator` field. +To support polymorphism, the OpenAPI Specification adds the [`discriminator`](#schemaDiscriminator) field. When used, the `discriminator` indicates the name of the property that hints which schema definition is expected to validate the structure of the model. As such, the `discriminator` field MUST be a required field. There are two ways to define the value of a discriminator for an inheriting instance. - Use the schema name. -- Override the schema name by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. -As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism. +- [Override the schema name](#discriminatorMapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name. ###### XML Modeling 
@@ -3606,7 +3605,9 @@ animals: #### Security Scheme Object Defines a security scheme that can be used by the operations. + Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). +Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use case is Authorization Code Grant flow with PKCE. ##### Fixed Fields Field Name | Type | Applies To | Description
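Review bot: in the first hunk (@@ -2744,13 +2744,12 @@), the sentence "As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism." is deleted with no replacement, while "Use the schema name" stays as the first way to define a discriminator value. The text no longer tells a reader what happens for an inline schema that has no name. If the intent is that inline schemas become usable through the mapping, state that next to the "Override the schema name" bullet; otherwise keep the restriction. The two new links point at `#schemaDiscriminator` and `#discriminatorMapping`, and neither anchor is defined in the visible lines, so confirm both exist in versions/3.0.4.md before merging.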
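Review bot: in the Security Scheme Object hunk (@@ -3606,7 +3605,9 @@), the added note "as of 2020, the implicit flow is about to be deprecated" is time-bound wording that will go stale inside a published spec version, and it links to the unversioned draft URL draft-ietf-oauth-security-topics, whose content can change under the link. Suggest dropping the year and stating the recommendation directly, for example "The implicit flow is being deprecated by the OAuth 2.0 Security Best Current Practice. Authorization Code Grant with PKCE is recommended for most use cases." That also fixes the grammar of "Recommended for most use case is Authorization Code Grant flow with PKCE." PKCE is neither expanded nor linked here; a reference to RFC 7636 would help readers, since the preceding sentence still lists implicit among the supported flows with no marker that it is discouraged.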