Sync 3.0.4 with 3.1.1

OAI · Jul 22, 2024 · f9dc2ef · f9dc2ef
1 parent 5802ec8
commit f9dc2ef
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/versions/3.0.4.md b/versions/3.0.4.md
@@ -2744,13 +2744,12 @@ The OpenAPI Specification allows combining and extending model definitions using
 `allOf` takes an array of object definitions that are validated *independently* but together compose a single object.
 
 While composition offers model extensibility, it does not imply a hierarchy between the models.
-To support polymorphism, the OpenAPI Specification adds the `discriminator` field.
+To support polymorphism, the OpenAPI Specification adds the [`discriminator`](#schemaDiscriminator) field.
 When used, the `discriminator` indicates the name of the property that hints which schema definition is expected to validate the structure of the model.
 As such, the `discriminator` field MUST be a required field.
 There are two ways to define the value of a discriminator for an inheriting instance.
 - Use the schema name.
-- Override the schema name by overriding the property with a new value. If a new value exists, this takes precedence over the schema name.
-As such, inline schema definitions, which do not have a given id, *cannot* be used in polymorphism.
+- [Override the schema name](#discriminatorMapping) by overriding the property with a new value. If a new value exists, this takes precedence over the schema name.
 
 ###### XML Modeling
 
@@ -3606,7 +3605,9 @@ animals:
 #### <a name="securitySchemeObject"></a>Security Scheme Object
 
 Defines a security scheme that can be used by the operations.
+
 Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html).
+Please note that as of 2020, the implicit flow is about to be deprecated by [OAuth 2.0 Security Best Current Practice](https://tools.ietf.org/html/draft-ietf-oauth-security-topics). Recommended for most use case is Authorization Code Grant flow with PKCE.
 
 ##### Fixed Fields
 Field Name | Type | Applies To | Description