Handling of relative paths in OAuth 2.0 AuthorizationUrl/TokenUrl on authorization actions

[yewton]

Q	A
Bug or feature request?	Bug
Which Swagger/OpenAPI version?	3.0
Which Swagger-UI version?	3.x
How did you install Swagger-UI?	http://petstore.swagger.io/ or https://editor.swagger.io/
Which browser & version?	Chrome 62
Which operating system?	Sierra

Demonstration API definition

Gist: https://gist.githubusercontent.com/yewton/b4bc323992c685962b1e8f071a3eebaa/raw/748e99b95f1a543ac65741d2c57afa194a9e6617/openapi.yml

Configuration (browser query string, constructor, config.yaml)

Default.

Expected Behavior

Relative paths in AuthorizationUrl or TokenUrl in securitySchemes are treated as relative to the API server URL.

Current Behavior

They are treated as relative to the UI/Editor's server URL.

Possible Solution

• Fix URL here: https://github.com/swagger-api/swagger-ui/blob/v3.6.0/src/core/plugins/auth/actions.js#L145

Context

• We are going to host Web APIs and also OAuth 2.0 authorization endpoints on the same server(domain)
• Original post: https://groups.google.com/d/msg/swagger-swaggersocket/IS6xNL5AEjQ/YfE35QIMAQAJ

[Zachius]

As I understand it this is the desired behaviour. If you don't want a relative url, ensure that the token or authorisation url begins with '/'. i.e. "/oauth/token"

[yewton]

@Zachius We want a URL to be relative to the API server URL, not to the UI/Editor's server URL.

[uhrohraggy]

Is it likely we can get this merged in?

[pszalko]

@shockey Any update on this issue? Can we expect the PR to be merged?

[lostfields]

This is still a issue kind of, if you are leaving out the the domain path of the server url and keep it relative/absolute (eg just using / instead of https://exampe.com/) will a relative url for authorizationUrl and tokenUrl using the swagger explorer domain instead of the domain for the swagger definition.