See http://tools.ietf.org/html/rfc6749#section-3.3 for details.
The callback url is now determined correctly if the swagger index.html file and
therefore the o2c.html is not in root directory of the host.
Also the popup opens more than one authorization-request-tab in firefox
(seems to append the on-click js method instead of replacing it)