OpenAPI allows you to extend Security Scheme Objects. However, since the values of the Type field are fixed, and the contents of a security scheme are determined by the value of the Type field, then security schemes are not really extensible. We should add "x-custom" as a valid value to the Type field. This indicates that this is an extended (non-standard) Security Scheme Object. Extended Security Schemes should populate the "x-type" field to identify the type of custom scheme being described. x-type is an unrestricted string. It is up to the implementing community to manage its' values. #1004
OpenAPI allows you to extend Security Scheme Objects. However, since the values of the Type field are fixed, and the contents of a security scheme are determined by the value of the Type field, then security schemes are not really extensible. We should add "x-custom" as a valid value to the Type field. This indicates that this is an extended (non-standard) Security Scheme Object. Extended Security Schemes should populate the "x-type" field to identify the type of custom scheme being described. x-type is an unrestricted string. It is up to the implementing community to manage its' values. #1004