Open API v3 - global security section should be applied to the whole collection #86

Closed
DRepinSLB opened this issue Jul 2, 2019 · 4 comments · Fixed by #217
Labels: bug, security-object

@DRepinSLB

Describe the bug
The Open API v3 security schema can be applied to the whole API or to individual operations by adding the security section on the root level or operation level, respectively. https://swagger.io/docs/specification/authentication/
When the security section is applied globally to the whole API, I expect, after importing the swagger definition, that the created collection's Authorization property would be set according to the swagger definition and the Authorization property for every request would be set to 'Inherit auth from parent'. However, currently, importing the swagger definition sets the Authorization property for every request instead.

To Reproduce
Steps to reproduce the behavior:

  1. Go to File -> Import to import the attached swagger definition.
    A new collection will be created.
  2. Expand the collection
  3. Select the 'status' request and observe that the Authorization property was set to "Bearer Token"
  4. Select the 'healthz' request and observe that the Authorization property was set to "Bearer Token"

Expected behavior
The Authorization property for both 'status' and 'healthz' requests is set to 'Inherit auth from parent' and the collection Authorization property is set to "Bearer Token"

App information (please complete the following information):

  • App Type: Native App
  • Postman Version: v7.2.2
  • OS: Windows 10

Additional context

```yaml
openapi: 3.0.0
info:
  title: "Reproduce Authorization issue"
  version: 0.0.0.1
security:
  - BearerAuth: []
paths:
  /healthz:
    get:
      summary: "healthz"
      description: "Health check - always returns OK"
      operationId: "get_healthz"
      responses:
        '200':
          description: "OK"
          content:
            text/plain:
              schema:
                type: "string"
                default: "OK"
  /status:
    get:
      summary: "status"
      description: "Returns the service version"
      operationId: "get_status"
      responses:
        '200':
          description: "Service info multi-line string"
          content:
            text/plain:
              schema:
                type: "string"
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: "google_id_token"
```

@abhijitkane transferred this issue from postmanlabs/postman-app-support Jul 8, 2019
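
The mapping requested in the issue above, as an added example that is not part of the original thread and is not the converter's own code: root-level `security` becomes the collection's auth, operations without their own `security` key inherit it, and an operation-level `security: []` is kept as an explicit opt-out. The function names, the `/public` operation, the `{{bearerToken}}` variable and the use of an absent `auth` key to mean "Inherit auth from parent" are assumptions of this example.

```javascript
// Constructed input mirroring the definition in the issue, plus one hypothetical
// operation (/public) that opts out of the global requirement with `security: []`.
const spec = {
  security: [{ BearerAuth: [] }],
  paths: {
    '/healthz': { get: { operationId: 'get_healthz' } },
    '/status': { get: { operationId: 'get_status' } },
    '/public': { get: { operationId: 'get_public', security: [] } }
  },
  components: { securitySchemes: { BearerAuth: { type: 'http', scheme: 'bearer' } } }
};

const METHODS = new Set(['get', 'put', 'post', 'delete', 'options', 'head', 'patch', 'trace']);

// Translate the first security requirement into a collection-format auth object.
// Only HTTP bearer is handled; anything else is rejected rather than silently dropped.
function toAuth(requirements, schemes) {
  if (!Array.isArray(requirements) || requirements.length === 0) return { type: 'noauth' };
  const name = Object.keys(requirements[0])[0];
  if (name === undefined) return { type: 'noauth' }; // `{}` permits anonymous access
  const scheme = schemes[name];
  if (!scheme) throw new Error(`security scheme not defined: ${name}`);
  if (scheme.type === 'http' && scheme.scheme === 'bearer') {
    // {{bearerToken}} is a hypothetical variable name, so no token is stored in the collection.
    return { type: 'bearer', bearer: [{ key: 'token', value: '{{bearerToken}}', type: 'string' }] };
  }
  throw new Error(`unsupported security scheme: ${name}`);
}

function convertAuth(doc) {
  const schemes = (doc.components && doc.components.securitySchemes) || {};
  const collection = { auth: toAuth(doc.security, schemes), item: [] };
  for (const [path, pathItem] of Object.entries(doc.paths || {})) {
    for (const [method, op] of Object.entries(pathItem)) {
      if (!METHODS.has(method)) continue; // skip `parameters`, `summary`, ...
      const request = { method: method.toUpperCase(), url: path };
      // An absent `auth` key stands for "Inherit auth from parent" (assumption of this example).
      // Only an operation-level `security` key overrides the root-level one.
      if (Object.prototype.hasOwnProperty.call(op, 'security')) {
        request.auth = toAuth(op.security, schemes);
      }
      collection.item.push({ name: op.operationId, request });
    }
  }
  return collection;
}

console.log(JSON.stringify(convertAuth(spec), null, 2));
```

Keeping the `security: []` case distinct from "no `security` key" matters when reviewing an imported collection: the first is an endpoint the definition deliberately leaves unauthenticated, the second should carry the collection's bearer requirement.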
@Isengo1989

Is there a timeline set already for this to be fixed?

@agent-reed

Would love to see this feature implemented!

Setting a security scheme in OAS should auto-configure a collection to use that type of auth, as well as tell all endpoints to inherit from parent. Importing an OAS spec with hundreds of endpoints is useless when I have to manually go through each of them to point auth to the same scheme.

@brucekaufman

Has there been any progress on this? Hugely frustrating to have to manually set every endpoint after we export.

@fabiendeborde

We just moved from Stoplight to Postman, and found that there are still multiple features of OpenAPI 3 that are not yet supported.
It would be great to be able to know if the problems are at least being worked on. It seems there hasn't been much reaction from the Postman team on a few issues :(
