Path template matching needs more specific matching rules according to method matching

[wsalembi]

The path template matching rules in the spec lead to confusion in several implementations of OpenAPI validators. https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.3.md#path-templating-matching

Given the specification https://petstore3.swagger.io. What is the right result when a client sends a request curl -X POST "https://petstore3.swagger.io/api/v3/pet/findByStatus"

Should this call be matched with path "/pet/findByStatus" and then result in a 405 Method Not Allowed error since the path has no POST verb.

Or can this call be matched with path "/pet/{petId}" and result in a call to operationId updatePetWithForm?

Per specification: When matching URLs, concrete (non-templated) paths would be matched before their templated counterparts. Templated paths with the same hierarchy but different templated names MUST NOT exist as they are identical. In case of ambiguous matching, it's up to the tooling to decide which one to use.

So per spec: POST to /pet/findByStatus should match the path /pet/findByStatus since it's an exact match of a concrete path.

What should vendors to if paths match, but verbs don't? Continue matching with other paths or abort?