Used security schema is not checked against registered securitySchemes #1082

@ilia-rassadin-rn

As stated in the OpenAPI 3.0 docs:

All security schemes used by the API must be defined in the global components/securitySchemes section. This section contains a list of named security schemes, where each scheme can be of type:

So the following scheme is invalid, because nonRegisteredSchema is not registered in the /components/securitySchemes section.

```yaml
openapi: "3.0.0"
info:
  version: 1.0.0
  title: Example Api
security:
  - nonRegisteredSchema: []
paths:
  /example_path:
    get:
      responses:
        '200':
          description: Example description
          content:
            application/json:
              schema:
                type: object
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
```

E.g. https://oas-validation.com/ fires the following error:

Security scheme 'nonRegisteredSchema' is not defined in components/securitySchemes. Available schemes: bearerAuth.

Though kin allows it and doesn't complain.
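The check this issue asks for, sketched as an added example in Go with only the standard library (not code from the issue or from kin). It assumes the document is supplied as JSON rather than YAML; `UndefinedSecuritySchemes` and `sampleSpec` are names made up for this example, and it covers operation-level `security` as well as the root-level list shown above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// sampleSpec is the issue's document converted to JSON (constructed for this example).
const sampleSpec = `{"openapi":"3.0.0","info":{"version":"1.0.0","title":"Example Api"},
"security":[{"nonRegisteredSchema":[]}],
"paths":{"/example_path":{"get":{"responses":{"200":{"description":"Example description"}}}}},
"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}}}}`

var methods = []string{"get", "put", "post", "delete", "options", "head", "patch", "trace"}

// UndefinedSecuritySchemes returns, sorted, every scheme name that a root-level or
// operation-level security requirement uses but components/securitySchemes lacks.
func UndefinedSecuritySchemes(spec []byte) ([]string, error) {
	var d struct {
		Security   []map[string]json.RawMessage          `json:"security"`
		Paths      map[string]map[string]json.RawMessage `json:"paths"`
		Components struct {
			SecuritySchemes map[string]json.RawMessage `json:"securitySchemes"`
		} `json:"components"`
	}
	if err := json.Unmarshal(spec, &d); err != nil {
		return nil, err
	}
	reqs := d.Security // root-level requirements; operation-level ones are appended below
	for _, item := range d.Paths {
		for _, m := range methods { // other path-item keys (parameters, summary, ...) are skipped
			var op struct{ Security []map[string]json.RawMessage `json:"security"` }
			if raw, ok := item[m]; ok && json.Unmarshal(raw, &op) == nil {
				reqs = append(reqs, op.Security...)
			}
		}
	}
	names, seen := []string{}, map[string]bool{}
	for _, req := range reqs {
		for name := range req {
			if _, ok := d.Components.SecuritySchemes[name]; !ok && !seen[name] {
				seen[name] = true
				names = append(names, name)
			}
		}
	}
	sort.Strings(names)
	return names, nil
}

func main() { fmt.Println(UndefinedSecuritySchemes([]byte(sampleSpec))) }
```

A non-empty result means the document references a scheme that was never declared, so a validator or CI gate should reject it instead of loading it.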
