From ce9afa36222639e6e2d556539a9a8529ccabd035 Mon Sep 17 00:00:00 2001
From: Sven Luzar
Date: Fri, 1 Jul 2016 16:57:32 +0200
Subject: [PATCH] Fix: redirect_uri is required in oauth2 code flow, but was null
---
 dist/lib/swagger-oauth.js | 10 +++++++++-
 lib/swagger-oauth.js | 10 +++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/dist/lib/swagger-oauth.js b/dist/lib/swagger-oauth.js
index 2bb6be11..a35bda3c 100644
--- a/dist/lib/swagger-oauth.js
+++ b/dist/lib/swagger-oauth.js
@@ -250,11 +250,19 @@ function clientCredentialsFlow(scopes, tokenUrl, OAuthSchemeKey) {
 window.processOAuthCode = function processOAuthCode(data) {
 var OAuthSchemeKey = data.state;
+
+ // redirect_uri is required in auth code flow
+ // see https://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.1.3
+ var host = window.location;
+ var pathname = location.pathname.substring(0, location.pathname.lastIndexOf("/"));
+ var defaultRedirectUrl = host.protocol + '//' + host.host + pathname + '/o2c.html';
+ var redirectUrl = window.oAuthRedirectUrl || defaultRedirectUrl;
+
 var params = {
 'client_id': clientId,
 'code': data.code,
 'grant_type': 'authorization_code',
- 'redirect_uri': redirect_uri
+ 'redirect_uri': redirectUrl
 };
 if (clientSecret) {
diff --git a/lib/swagger-oauth.js b/lib/swagger-oauth.js
index 2bb6be11..a35bda3c 100644
--- a/lib/swagger-oauth.js
+++ b/lib/swagger-oauth.js
@@ -250,11 +250,19 @@ function clientCredentialsFlow(scopes, tokenUrl, OAuthSchemeKey) {
 window.processOAuthCode = function processOAuthCode(data) {
 var OAuthSchemeKey = data.state;
+
+ // redirect_uri is required in auth code flow
+ // see https://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.1.3
+ var host = window.location;
+ var pathname = location.pathname.substring(0, location.pathname.lastIndexOf("/"));
+ var defaultRedirectUrl = host.protocol + '//' + host.host + pathname + '/o2c.html';
+ var redirectUrl = window.oAuthRedirectUrl || defaultRedirectUrl;
+
 var params = {
 'client_id': clientId,
 'code': data.code,
 'grant_type': 'authorization_code',
- 'redirect_uri': redirect_uri
+ 'redirect_uri': redirectUrl
 };
 if (clientSecret) {
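Review bot: The `redirect_uri` sent to the token endpoint is re-derived here from `window.location` and `window.oAuthRedirectUrl`, but the authorization server compares it with the value sent in the authorization request, which is built outside this hunk; if the two derivations ever differ, the code exchange will presumably be rejected, and that comparison is what binds the code to this redirect target. I would compute the value once and reuse it for both requests, or at least state the constraint next to the new lines with `// must be identical to the redirect_uri used in the authorization request (RFC 6749, section 4.1.3)`. The block also mixes `host` with the bare `location` global; `var pathname = host.pathname.substring(0, host.pathname.lastIndexOf("/"));` keeps it to one reference. The same lines appear in the `dist/lib/swagger-oauth.js` hunk, and `processOAuthCode` continues past the end of this hunk.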