Is there a plan to allow redirect_uri to be set in the yaml or json for the online swagger editor? When I try to test in the browser i get:
Errors
Validation error oauth2RedirectUri configuration is not passed. Oauth2 authorization cannot be performed.

I am aware of oauth2RedirectUrl being set in the SwaggerUIBundle Object from the documentation https://swagger.io/docs/swagger-tools/
The redirect uri is not part of the spec, so it's not something we're just able to support (perhaps via an extension). For now this would be needed to be configured directly in the ui/editor.
Thank you, so for now the online editor.swagger.io cannot use the accessCode flow with a required redirect_uri . Do you think that feature would ever be a part of the spec in the future?
I don't recall seeing such a request, but you can file a ticket if you see the need for it.
What about when there is a public swagger ui and users want to use their app specific credentials to test API calls?
Where a part of the process of retrieving an auth code and access token for their specific app is to pass a valid redirect_uri at both steps, verified against app registration.
You can pass it as a parameter to swagger-ui. You can also write your own plugin to extend the functionality.
Okay thank you Ron!
I'm quite confused by this. The redirect_uri is part of the OAuth2 spec (section 3.1.2. Redirection Endpoint). Whilst it is specified as optional, many Authorisation Servers will not work with authorization_code flow without a redirect_uri specified. For example, we use Keycloak as our Authorization server. The swagger editor will not work with out application because the authorization process fails without the redirect uri.
Am I missing something here?
It may be part of the OAuth2 spec, but it is not part of the Swagger/OpenAPI spec. If you want to see it changed, you'd need to file a ticket on the spec.
I think I understand the playing field a bit better now @webron. So, swagger-ui supports the oauth2RedirectUri as part of its API, but swagger-editor does not support it because the core swagger spec does not define a field for it. So, I guess swagger-editor can wait for the spec to catch up with swagger-ui and then bridge the two, or implement a solution to get half way there?
I'm thinking your earlier suggestion of using swagger extensions might be a good middle ground until the spec catches up? Something like x-oauth2RedirectUri: 'http://foobar.com'. When/if the spec catches up (let's face it, it must) then the x- could be dropped?
@S73417H, I'll zoom out a bit to give you some more context:
Swagger-UI exposes a plugin system, and Swagger-Editor itself is a plugin of Swagger-UI (see here, whenever you create a SwaggerEditor instance, SwaggerUI is called). The right side of Swagger-Editor is a Swagger-UI instance with the editor value fed in.
You'll also notice that the options that the Editor is called with will be handed off to Swagger-UI, so you could pass a oauth2RedirectUrl (that's url, not uri) to the Editor today and be on your way.
I'm not aware of any proposals to add a redirect url to the specification, but you're welcome to open an issue about it over at the OpenAPI Specification repo: https://github.com/OAI/OpenAPI-Specification/issues.
As for the UI and Editor, the x-oauth2RedirectUri: 'http://foobar.com' functionality you're describing would be a great candidate for a third-party plugin. AFAIK, we don't have any unofficial extensions to the spec supported today, so we're unlikely to add it to the core project.
Thanks @shockey for the clarification. I'll get my guys to check out passing the redirect url as an option to make it all work. In the meantime I have raised an OAI issue https://github.com/OAI/OpenAPI-Specification/issues/1285
Closing due to inactivity.
This is simply to keep our issue tracker clean - feel free to comment if there are any further thoughts or concerns, and we'll be happy to reopen this issue.
Most helpful comment
I'm quite confused by this. The redirect_uri is part of the OAuth2 spec (section 3.1.2. Redirection Endpoint). Whilst it is specified as optional, many Authorisation Servers will not work with authorization_code flow without a redirect_uri specified. For example, we use Keycloak as our Authorization server. The swagger editor will not work with out application because the authorization process fails without the redirect uri.
Am I missing something here?