API Doc showing *all* oauth2 scopes instead of the single scope specified in path

We’re trying to specify oauth2 scopes using an openapi v3 doc.

Our securitySchema defines several scopes, and individual paths are specifying 1 or 2 of those.

For some reason, the rendered stoplight docs display all the scopes defined in the security schema, rather than the 1 or 2 defined in the path.

Security schemes section looks like this:

securitySchemes:
OAuthScopes:
type: oauth2
flows:
authorizationCode:
authorizationUrl: https://secure.example.x/connect?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}&state={state}&scope={scopes}
tokenUrl: https://{domain_prefix}.example.x/api/1.0/token
scopes:
myentity:read: Read about my entity

The paths are defined like this:

/my_entities:
get:
parameters: []
tags: []
operationId: ListMyEntities
summary: List entities xxx
description: Returns a collection of my-entities.
security:
- OAuthScopes:
- myentity:read

To work around this I could create a whole securitySchema for each scope or combination of scopes. It seems like a lot of unnecessary work though.

Am I missing something?

Thanks