diff --git a/versions/3.2.0.md b/versions/3.2.0.md
index 45d59a7c3f..f852aa9c79 100644
--- a/versions/3.2.0.md
+++ b/versions/3.2.0.md
@@ -3290,6 +3290,7 @@ Field Name | Type | Description
clientCredentials| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Client Credentials flow. Previously called `application` in OpenAPI 2.0.
authorizationCode| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Authorization Code flow. Previously called `accessCode` in OpenAPI 2.0.
deviceAuthorization| [OAuth Flow Object](#oauthFlowObject) | Configuration for the OAuth Device Authorization flow.
+ciba| [OAuth Flow Object](#oauth-flow-object) | Configuration for the OpenID Connect Client-Initiated Backchannel Authentication Flow.
This object MAY be extended with [Specification Extensions](#specificationExtensions).
@@ -3300,11 +3301,14 @@ Configuration details for a supported OAuth Flow
##### Fixed Fields
Field Name | Type | Applies To | Description
---|:---:|---|---
-authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
+authorizationUrl | `string` | `oauth2` (`"implicit"`, `"authorizationCode"`, `"ciba"`) | **REQUIRED**. The authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
deviceAuthorizationUrl | `string` | `oauth2` (`"deviceAuthorization"`) | **REQUIRED**. The device authorization URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
-tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`, `"deviceAuthorization"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
+tokenUrl | `string` | `oauth2` (`"password"`, `"clientCredentials"`, `"authorizationCode"`, `"deviceAuthorization"`, `"ciba"`) | **REQUIRED**. The token URL to be used for this flow. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
refreshUrl | `string` | `oauth2` | The URL to be used for obtaining refresh tokens. This MUST be in the form of a URL. The OAuth2 standard requires the use of TLS.
scopes | Map[`string`, `string`] | `oauth2` | **REQUIRED**. The available scopes for the OAuth2 security scheme. A map between the scope name and a short description for it. The map MAY be empty.
+cibaDeliveryModes | Array[`string`] | `oauth2` (`"ciba"`) | **REQUIRED**. JSON array containing one or more of the following values: `poll`, `ping`, and `push`.
+cibaSigningAlgs | Array[`string`] | `oauth2` (`"ciba"`) | JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP (OpenIdConnect Provider) for signed authentication requests
+cibaUserCode | `boolean` | `oauth2` (`"ciba"`) | Boolean value specifying whether the OP supports the use of the user_code parameter, with true indicating support. If omitted, the default value is false.
This object MAY be extended with [Specification Extensions](#specificationExtensions).
@@ -3328,6 +3332,15 @@ This object MAY be extended with [Specification Extensions](#specificationExtens
"write:pets": "modify pets in your account",
"read:pets": "read your pets"
}
+ },
+ "ciba": {
+ "authorizationUrl": "https://example.com/api/oauth/dialog",
+ "tokenUrl": "https://example.com/api/oauth/token",
+ "scopes": {
+ "write:pets": "modify pets in your account",
+ "read:pets": "read your pets"
+ },
+ "cibaDeliveryModes": ["poll"]
}
}
}