
OAuth2/OIDC, authorization code flow, why does Swagger UI simulate a server? #10271

Open
maciejopalinski opened this issue Jan 31, 2025 · 1 comment

Comments

@maciejopalinski

What was the use case when you implemented the OAuth2/OIDC functionality into Swagger UI? Because it does not seem to make any sense to me.

When I try to use the authorization code flow, Swagger exchanges the code for the access token by itself, which is the total opposite of what a client application should do. In my understanding, the authorization code flow gets the code from the IdP and then sends the received code to the API, which then exchanges the code for a token.

Why is Swagger UI trying to simulate both parties at the same time?

@maciejopalinski maciejopalinski changed the title OAuth2/OIDC, what is the use case? OAuth2/OIDC, authorization code flow, why does Swagger UI simulate a server? Jan 31, 2025
@maciejopalinski
Author

According to your docs (https://swagger.io/docs/specification/v3_0/authentication/oauth2/):

Authorization code – The most common flow, mostly used for server-side and mobile web applications. This flow is similar to how users sign up into a web application using their Facebook or Google account.

Authorization code is a server-side flow. Why does Swagger act like a server in this flow, when it is only supposed to act like a client?
