Major I've used this simple file:
openapi: 3.0.0
servers:
- description: Description
url: http://example.com
info:
version: "1.0.0"
title: Sample Application Project
description: >-
This is an example of usingĀ Flow in a specification to
describe security to your API.
security:
- openID:
- read
- write
paths:
/example:
get:
summary: Server example operation
description: >-
This is an example operation to show how security is applied to the
call.
responses:
'200':
description: OK
/ping:
get:
summary: Server heartbeat operation
description: >-
This operation shows how to override the global security defined above,
as we want to open it up for all users.
security:
- openID:
- read
- write
responses:
'200':
description: OK
components:
schemas: {}
securitySchemes:
openID:
type: openIdConnect
openIdConnectUrl: 'http://example.com/oauth/token'
It is valid OAS3 specification. I've done validation by this schema https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/schemas/v3.0/schema.json
The error from Toolbox is:
{
"code": "E_3SCALE",
"message": "Unexpected security scheme type openIdConnect",
"class": "ThreeScaleToolbox::Error"
}