Henry Andrews

I've updated this to a more general title, as it is not only `openIdConnectUrl` that varies, and we should solve the problem in the general case.

Paging @shilpa-padgaonkar

@SensibleWood as I've worked on diagraming the OAS (including everything that's already included in or plausibly proposed for 3.2), I've noticed that the new CIBA fields add a lot to...

@SensibleWood > > I've noticed that the new CIBA fields add a lot to the OpenAPI Flow Object. > > @handrews and therein lies the issue. Ah, yes, my apologies,...

@SensibleWood in the TDC call today we decided that this would make sense as one of the two major focuses of 3.3 (after doing a very quick 3.2 that avoids...

@SensibleWood thanks! I will drop the CIBA commit but port the others, and we (by which I mean you and other security-minded folks) can keep working on a bigger re-think...

@SensibleWood I was looking back over this and was wondering if there is some minimal thing we can do in 3.2 that would encourage experimentation (and perhaps unblock using CIBA...

@SensibleWood looking at this example: ```YAML HsbcCibaProfile: type: openIdConnect openIdConnectUrl: https://sandbox.ob.hsbcnet.com/.well-known/openid-configuration profile: CIBA ``` I am assuming that this `openIdConnectUrl` is intended to replace the `openIdConnectUrl` in the Security Scheme...

@SensibleWood thanks! Can you give you're example a little more context? Are you proposing to add `discoveryUrl` as an immediate solution to CIBA and similar, and to what Object are...

Also would `discoveryUrl` supplant `openIdConnectUrl` in some way?