UI version 5.20 breaks relative Oauth2 URls #10340
Description
Q&A (please complete the following information)
- OS: [e.g. macOS]: Windows
- Browser: [e.g. chrome, safari]: Chrome
- Version: [e.g. 22] 133
- Method of installation: [e.g. npm, dist assets] dist assets
- Swagger-UI version: [e.g. 3.10.0] 5.20
- Swagger/OpenAPI version: [e.g. Swagger 2.0, OpenAPI 3.0] OpenAPI 3.0
Content & configuration
Swagger-UI configuration options:
"securitySchemes": {
"OIDC": {
"type": "oauth2",
"description": "Bearer Authentication",
"flows": {
"authorizationCode": {
"authorizationUrl": "./../identity/connect/authorize",
"tokenUrl": "./../identity/connect/token",
"scopes": {
"api": "API Scope"
}
}
}
}
}Describe the bug you're encountering
Assuming the swagger endpoint is /swagger and
assuming you have relative OAuth2 configuration URLs, with relative URIs, V5.20 redirects to
"/swagger/identity/connect/authorize" on clicking the Authorize button. It ignores the relative "../" part from the url.
Example:
https://localhost/swagger with swagger json on https://localhost/swagger/v1/swagger.json, then the above configuration redirects to: https://localhost/swagger/identity/connect/authorize, instead of https://localhost/identity/connect/authorize.
To reproduce...
Steps to reproduce the behavior:
Configure relative OAuth2 security scheme as above, with any given swagger config and click Authorize
Expected behavior
It redirects to "/identity/connect/authorize"
Additional context or thoughts
This works in 5.19.
this was found in Swashbuckle for .NET and repro'd to be the UI change
domaindrivendev/Swashbuckle.AspNetCore#3287