A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes.
A short description for security scheme. CommonMark syntax MAY be used for rich text representation.
**REQUIRED**. An object containing configuration information for the flow types supported.
**REQUIRED**. The location of the API key. Valid values are "query", "header" or "cookie".
**REQUIRED**. The name of the header, query or cookie parameter to be used.
**REQUIRED**. OpenId Connect URL to discover OAuth2 configuration values. This MUST be in the form of a URL.
A link to request bodies defined in the [OasDocument's] components/securitySchemes.
**REQUIRED**. The name of the HTTP Authorization scheme to be used in the [Authorization header as defined in RFC7235](https://tools.ietf.org/html/rfc7235#section-5.1). The values used SHOULD be registered in the [IANA Authentication Scheme registry](https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml).
**REQUIRED**. The type of the security scheme. Valid values are "apiKey", "http", "oauth2", "openIdConnect".
Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in RFC6749, and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06).