The OpenAPI 2.0 and 3.x Security Requirement Object maps each scheme name to an array of scope strings. The local TypeScript interfaces currently type those values as plain strings in both v2 and v3. This makes parsed security arrays such as { apiKey: [] } and { oauthBearer: [] } disagree with the project interfaces even though they are valid OpenAPI documents.
The OpenAPI 2.0 and 3.x Security Requirement Object maps each scheme name to an array of scope strings. The local TypeScript interfaces currently type those values as plain strings in both v2 and v3. This makes parsed security arrays such as { apiKey: [] } and { oauthBearer: [] } disagree with the project interfaces even though they are valid OpenAPI documents.