Sync open source content 🐝 (from 14072d378cae3f817ebb588e21e78262f3c6aaf2)

Author: beezythebot

openapi/content/jsonl.mdx

@@ -3,6 +3,8 @@ title: "Jsonl in OpenAPI best practices"
 description: "Comprehensive guide to Jsonl in OpenAPI. Best practices for API design, documentation, and implementation."
 ---
 
+import { Callout } from "@/mdx/components";
+
 # JSONL responses in OpenAPI
 
 JSON Lines (JSONL) is a convenient format for storing structured data that may be processed one record at a time. It's a simple format where each line is a valid JSON value, typically a JSON object or array. JSONL is particularly useful for handling large datasets, streaming data, or log files where each line represents a separate record.
@@ -28,8 +30,13 @@ JSONL offers several advantages over traditional JSON:
 
 ## Defining JSONL responses in OpenAPI documents
 
-JSONL responses can be defined in OpenAPI by using the `application/jsonl` or `text/jsonl` MIME type. While JSONL isn't natively supported in the OpenAPI specification, you can use these content types to indicate that the response will be in JSONL format.
-Here's an example of how to define a JSONL response in an OpenAPI document:
+<Callout title="OpenAPI v3.2.0 JSONL support" type="info">
+OpenAPI v3.2.0 recognizes `application/jsonl` as a sequential media type and introduces the `itemSchema` keyword for defining the structure of individual records in the stream.
+</Callout>
+
+JSONL responses can be defined in OpenAPI by using the `application/jsonl` or `text/jsonl` MIME type. In OpenAPI v3.0 and v3.1, JSONL isn't natively supported, but these content types indicate that the response will be in JSONL format. OpenAPI v3.2.0 adds native support through the `itemSchema` keyword, which defines the schema for each line in the JSONL stream.
+
+The following example defines a JSONL response in an OpenAPI document:
 
 ```yaml filename="openapi.yaml"
 paths:
@@ -79,6 +86,28 @@ components:
 
 In this example, the `/users/export` endpoint returns user data in JSONL format. Each line of the response will be a valid JSON object representing a user, as defined by the `User` schema.
 
+### Using itemSchema in OpenAPI 3.2
+
+With OpenAPI v3.2.0, the `itemSchema` keyword explicitly defines the schema for each line in the JSONL stream:
+
+```yaml filename="openapi.yaml"
+paths:
+  /users/export:
+    get:
+      summary: Export user data in JSONL format
+      responses:
+        "200":
+          description: User data in JSONL format
+          content:
+            application/jsonl:
+              schema:
+                type: string
+              itemSchema:
+                $ref: "#/components/schemas/User"
+```
+
+The `schema` describes the overall stream, while `itemSchema` defines the structure of each individual JSON object per line. This allows tooling to generate typed deserialization for each record in the stream.
+
 ## Client-side handling of JSONL responses
 
 When working with JSONL responses, clients need to process the data line by line. Here's an example of how to handle JSONL responses using a python SDK generated by Speakeasy:

openapi/content/server-sent-events.mdx

@@ -3,7 +3,7 @@ title: "Server Sent Events in OpenAPI best practices"
 description: "Comprehensive guide to Server Sent Events in OpenAPI. Best practices for API design, documentation, and implementation."
 ---
 
-import { Table } from "@/mdx/components";
+import { Callout, Table } from "@/mdx/components";
 
 # Server-sent events in OpenAPI
 
@@ -65,7 +65,11 @@ SSE is ideal for simple, efficient, one-way server-to-client communication scena
 
 ## Defining SSE in OpenAPI documents
 
-Server-sent events (SSE) are not natively supported in OpenAPI but can be represented as an endpoint using the `text/event-stream` MIME type to indicate the data format.
+<Callout title="OpenAPI v3.2.0 SSE support" type="info">
+OpenAPI v3.2.0 introduces the `itemSchema` keyword for `text/event-stream` media types, providing first-class support for defining the structure of individual streamed events. See the [itemSchema section](#defining-sse-with-itemschema-in-openapi-32) below.
+</Callout>
+
+In OpenAPI v3.0 and v3.1, server-sent events (SSE) are not natively supported but can be represented as an endpoint using the `text/event-stream` MIME type to indicate the data format. OpenAPI v3.2.0 adds first-class support for SSE with the `itemSchema` keyword.
 
 The event stream format is a UTF-8-encoded text stream with messages separated by a newline (`\n`). Each message may include up to four fields:
 
@@ -147,6 +151,42 @@ eventSource.onerror = function (error) {
 };
 ```
 
+## Defining SSE with itemSchema in OpenAPI 3.2
+
+OpenAPI v3.2.0 introduces the `itemSchema` keyword, which defines the schema for individual events within a `text/event-stream` response. Instead of describing the entire stream as one schema, `itemSchema` describes the structure of each event delivered over the stream.
+
+```yaml filename="openapi.yaml"
+paths:
+  /stock-updates:
+    get:
+      tags:
+        - ServerSentEvents
+      summary: Subscribe to real-time stock market updates
+      responses:
+        "200":
+          description: Stream of real-time stock updates
+          content:
+            text/event-stream:
+              schema:
+                type: string
+              itemSchema:
+                $ref: "#/components/schemas/StockUpdate"
+components:
+  schemas:
+    StockUpdate:
+      type: object
+      properties:
+        symbol:
+          type: string
+          description: Stock ticker symbol
+        price:
+          type: string
+          description: Current stock price
+          example: "100.25"
+```
+
+In this example, the `schema` describes the overall stream as a string (the raw event stream), while `itemSchema` defines the structure of each individual event within the stream. This separation allows tooling to generate typed handlers for each event.
+
 ## Best practices for SSE design and OpenAPI integration
 
 Here are some best practices for handling server-sent events and including them in an OpenAPI document.

openapi/operations.mdx

@@ -8,7 +8,7 @@ import { Table } from "@/mdx/components";
 
 An operation object describes a single API operation within a path, including all its possible inputs and outputs and the configuration required to make a successful request.
 
-Each operation object corresponds to an HTTP verb, such as `get`, `post`, or `delete`.
+Each operation object corresponds to an HTTP method, such as `get`, `post`, `delete`, or `query` (introduced in OpenAPI v3.2.0).
 
 Example:
 
@@ -133,3 +133,5 @@ paths:
 />
 
 The above order of fields is recommended for defining the fields in the document to help set the stage for the operation and provide a clear understanding of what it does.
+
+OpenAPI v3.2.0 also introduces the [`query` method and `additionalOperations`](/openapi/paths#openapi-32-path-features) for defining the `QUERY` HTTP method and non-standard HTTP methods as Operation Objects.

openapi/paths.mdx

@@ -111,6 +111,8 @@ components:
     { field: "`head`", type: "[Operation Object](/openapi/paths/operations)", required: "", description: "An operation associated with the [`HEAD` HTTP method](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/HEAD)." },
     { field: "`patch`", type: "[Operation Object](/openapi/paths/operations)", required: "", description: "An operation associated with the [`PATCH` HTTP method](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PATCH)." },
     { field: "`trace`", type: "[Operation Object](/openapi/paths/operations)", required: "", description: "An operation associated with the [`TRACE` HTTP method](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/TRACE)." },
+    { field: "`query`", type: "[Operation Object](/openapi/paths/operations)", required: "", description: "An operation associated with the `QUERY` HTTP method. Safe and idempotent, like `GET`, but allows a request body for complex queries. Available in OpenAPI v3.2.0+." },
+    { field: "`additionalOperations`", type: "Map[String, [Operation Object](/openapi/paths/operations)]", required: "", description: "A map of non-standard HTTP methods to Operation Objects, enabling documentation of custom methods beyond those defined by the specification. Available in OpenAPI v3.2.0+." },
     { field: "`x-*`", type: "[Extensions](/openapi/extensions)", required: "", description: "Any number of extension fields can be added to the Path Item Object that can be used by tooling and vendors." }
   ]}
   columns={[
@@ -122,3 +124,90 @@ components:
 />
 
 The order of fields above is recommended but is not significant to the order in which the endpoints should be used.
+
+## OpenAPI 3.2 path features
+
+OpenAPI 3.2.0 introduces several new capabilities for path items.
+
+### The QUERY HTTP method
+
+The `QUERY` method is a safe, idempotent HTTP method that allows clients to send query criteria in the request body rather than encoding complex parameters in the URL. This is useful for operations that require structured or lengthy query parameters that exceed practical URL length limits.
+
+```yaml
+paths:
+  /drinks:
+    query:
+      operationId: searchDrinks
+      summary: Search for drinks with complex criteria
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                ingredients:
+                  type: array
+                  items:
+                    type: string
+                minRating:
+                  type: number
+      responses:
+        "200":
+          description: A list of matching drinks
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: "#/components/schemas/Drink"
+```
+
+### Additional operations
+
+The `additionalOperations` field allows defining non-standard HTTP methods as Operation Objects. This is useful for APIs that use custom HTTP methods beyond the standard set.
+
+```yaml
+paths:
+  /drinks/{drinkId}:
+    additionalOperations:
+      BREW:
+        operationId: brewDrink
+        summary: Brew a specific drink
+        parameters:
+          - name: drinkId
+            in: path
+            required: true
+            schema:
+              type: string
+        responses:
+          "200":
+            description: Drink brewed successfully
+```
+
+### The querystring field
+
+OpenAPI 3.2.0 also introduces the `querystring` field on Operation Objects, which allows defining all query parameters as a single Schema Object instead of listing individual `parameters` with `in: query`. This simplifies the definition of operations with many query parameters or complex query structures.
+
+```yaml
+paths:
+  /drinks:
+    get:
+      operationId: listDrinks
+      summary: List available drinks
+      querystring:
+        type: object
+        properties:
+          type:
+            type: string
+            enum: [cocktail, mocktail, spirit, beer, wine, cider]
+          limit:
+            type: integer
+            default: 20
+          offset:
+            type: integer
+            default: 0
+      responses:
+        "200":
+          description: A list of drinks
+```

openapi/security/security-schemes/security-oauth2.mdx

@@ -22,7 +22,7 @@ The fields for an OAuth 2 security scheme are as follows:
   data={[
     { field: "`type`", type: "String", required: "✅", description: "`oauth2`" },
     { field: "`description`", type: "String", required: "", description: "Human-readable information. This may contain [CommonMark syntax](https://spec.commonmark.org/) to provide a rich description." },
-    { field: "`flows`", type: "Map[{key}, [OAuth Flow Object](#oauth-flow-object)]", required: "✅", description: "An object containing configuration for the available OAuth 2 flows. Valid keys are `implicit`, `password`, `clientCredentials`, and `authorizationCode`." },
+    { field: "`flows`", type: "Map[{key}, [OAuth Flow Object](#oauth-flow-object)]", required: "✅", description: "An object containing configuration for the available OAuth 2 flows. Valid keys are `implicit`, `password`, `clientCredentials`, `authorizationCode`, and `deviceAuthorization` (OpenAPI v3.2.0+)." },
     { field: "`x-*`", type: "[Extensions](/openapi/extensions)", required: "", description: "Any number of extension fields can be added to the Security Scheme Object to be used by tooling and vendors." }
   ]}
   columns={[
@@ -52,12 +52,13 @@ security:
 
 The value of the [OAuth Flows Object](https://spec.openapis.org/oas/v3.1.0#oauth-flows-object) is a map of [OAuth Flow Objects](https://spec.openapis.org/oas/v3.1.0#oauth-flow-object).
 
-The OpenAPI Specification 3.1 supports the following four OAuth Flow Objects:
+The OpenAPI Specification supports the following OAuth Flow Objects:
 
 - The [Client Credentials](#the-client-credentials-flow) flow (using `clientCredentials`, previously `application` in OpenAPI 2.0)
 - The [Authorization Code](#the-authorization-code-flow) flow (using `authorizationCode`, previously `accessCode` in OpenAPI 2.0)
 - The [Password](#the-password-flow) flow (using `password`)
 - The [Implicit](#the-implicit-flow) flow (using `implicit`)
+- The [Device Authorization](#the-device-authorization-flow) flow (using `deviceAuthorization`, available in OpenAPI v3.2.0+)
 
 Each OAuth Flow Object has its own configuration parameters, so let's look at them individually.
 
@@ -346,6 +347,62 @@ OAuth 2.1 is a simplified version of OAuth 2 that combines its best practices an
 
 For more information on the changes and improvements made in OAuth 2.1, refer to [the OAuth 2.1 specification](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13).
 
-**Device Authorization** is a new OAuth flow (also called a grant) that is not yet supported in the OpenAPI Specification 3.1. It will be added in the OpenAPI Specification 3.2, which is currently in development.
+### The Device Authorization flow
 
-For more information on the Device Authorization grant, take a look at the specification for the [OAuth 2.0 Device Authorization grant](https://datatracker.ietf.org/doc/html/rfc8628).
+The Device Authorization flow (also called the Device Authorization grant) is designed for devices with limited input capabilities, such as smart TVs, kiosks, and IoT devices. Instead of entering credentials directly, the device displays a code that the user enters on a separate device with a full browser. OpenAPI v3.2.0 adds support for this flow using the `deviceAuthorization` key.
+
+For more information on the Device Authorization grant, refer to the specification for the [OAuth 2.0 Device Authorization grant](https://datatracker.ietf.org/doc/html/rfc8628).
+
+<Table
+  data={[
+    { field: "`deviceAuthorizationUrl`", type: "String", required: "✅", description: "The device authorization URL to be used for this flow." },
+    { field: "`tokenUrl`", type: "String", required: "✅", description: "The token URL to be used for this flow." },
+    { field: "`refreshUrl`", type: "String", required: "", description: "The URL to be used for refreshing the token. No refresh URL means the token is not refreshable." },
+    { field: "`scopes`", type: "Map[String, String]", required: "✅", description: "The available scopes for the OAuth 2 flow, with a description for each scope. Although the specification requires this field, it can be an empty object." },
+    { field: "`x-*`", type: "[Extensions](/openapi/extensions)", required: "", description: "Any number of extension fields can be added to an OAuth Flow Object to be used by tooling and vendors to add additional metadata and functionality to the OpenAPI Specification." }
+  ]}
+  columns={[
+    { key: "field", header: "Field" },
+    { key: "type", header: "Type" },
+    { key: "required", header: "Required" },
+    { key: "description", header: "Description" }
+  ]}
+/>
+
+The following example shows an OAuth 2 security scheme using the `deviceAuthorization` flow:
+
+```yaml
+components:
+  securitySchemes:
+    deviceAuth:
+      type: oauth2
+      flows:
+        deviceAuthorization:
+          deviceAuthorizationUrl: https://speakeasy.bar/oauth2/device
+          tokenUrl: https://speakeasy.bar/oauth2/token
+          refreshUrl: https://speakeasy.bar/oauth2/refresh
+          scopes:
+            read: Grants read access
+            write: Grants write access
+security:
+  - deviceAuth: []
+```
+
+## OAuth 2.0 metadata discovery
+
+OpenAPI v3.2.0 adds the `oauth2MetadataUrl` field to the OAuth Flow Object. This field provides a URL pointing to the OAuth 2.0 Authorization Server Metadata document ([RFC 8414](https://datatracker.ietf.org/doc/html/rfc8414)), enabling clients to automatically discover OAuth 2.0 endpoint configuration.
+
+```yaml
+components:
+  securitySchemes:
+    oauth2:
+      type: oauth2
+      flows:
+        authorizationCode:
+          authorizationUrl: https://speakeasy.bar/oauth2/authorize
+          tokenUrl: https://speakeasy.bar/oauth2/token
+          oauth2MetadataUrl: https://speakeasy.bar/.well-known/oauth-authorization-server
+          scopes:
+            read: Grants read access
+            write: Grants write access
+```