fix: security scheme references serialization

Signed-off-by: Vincent Biret <vibiret@microsoft.com>

Author: baywet

src/Microsoft.OpenApi/Models/OpenApiSecurityRequirement.cs

@@ -79,11 +79,7 @@ private void SerializeInternal(IOpenApiWriter writer, Action<IOpenApiWriter, Ope
 
             writer.WriteStartObject();
 
-            // Reaching this point means the reference to a specific OpenApiSecurityScheme fails.
-            // We are not able to serialize this SecurityScheme/Scopes key value pair since we do not know what
-            // string to output.
-
-            foreach (var securitySchemeAndScopesValuePair in this.Where(static p => p.Key?.Target is not null))
+            foreach (var securitySchemeAndScopesValuePair in this.Where(static p => CanSerializeSecurityScheme(p.Key)))
             {
                 var securityScheme = securitySchemeAndScopesValuePair.Key;
                 var scopes = securitySchemeAndScopesValuePair.Value;
@@ -103,6 +99,25 @@ private void SerializeInternal(IOpenApiWriter writer, Action<IOpenApiWriter, Ope
             writer.WriteEndObject();
         }
 
+        private static bool CanSerializeSecurityScheme(OpenApiSecuritySchemeReference? securityScheme)
+        {
+            if (securityScheme is null)
+            {
+                return false;
+            }
+
+            if (securityScheme.Target is not null)
+            {
+                return true;
+            }
+
+            var schemeId = securityScheme.Reference?.Id;
+            var securitySchemes = securityScheme.Reference?.HostDocument?.Components?.SecuritySchemes;
+            return !string.IsNullOrEmpty(schemeId)
+                && securitySchemes is not null
+                && securitySchemes.ContainsKey(schemeId!);
+        }
+
         /// <summary>
         /// Serialize <see cref="OpenApiSecurityRequirement"/> to Open Api v2.0
         /// </summary>