diff --git a/src/Laravel/public/swagger-ui/oauth2-redirect.js b/src/Laravel/public/swagger-ui/oauth2-redirect.js
new file mode 100644
index 0000000000..af2f1342f9
--- /dev/null
+++ b/src/Laravel/public/swagger-ui/oauth2-redirect.js
@@ -0,0 +1 @@
+"use strict";function run(){var e,r,t,a=window.opener.swaggerUIRedirectOauth2,o=a.state,n=a.redirectUrl;if((t=(r=/code|token|error/.test(window.location.hash)?window.location.hash.substring(1).replace("?","&"):location.search.substring(1)).split("&")).forEach((function(e,r,t){t[r]='"'+e.replace("=",'":"')+'"'})),e=(r=r?JSON.parse("{"+t.join()+"}",(function(e,r){return""===e?r:decodeURIComponent(r)})):{}).state===o,"accessCode"!==a.auth.schema.get("flow")&&"authorizationCode"!==a.auth.schema.get("flow")&&"authorization_code"!==a.auth.schema.get("flow")||a.auth.code)a.callback({auth:a.auth,token:r,isValid:e,redirectUrl:n});else if(e||a.errCb({authId:a.auth.name,source:"auth",level:"warning",message:"Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"}),r.code)delete a.state,a.auth.code=r.code,a.callback({auth:a.auth,redirectUrl:n});else{let e;r.error&&(e="["+r.error+"]: "+(r.error_description?r.error_description+". ":"no accessCode received from the server. ")+(r.error_uri?"More info: "+r.error_uri:"")),a.errCb({authId:a.auth.name,source:"auth",level:"error",message:e||"[Authorization failed]: no accessCode received from the server"})}window.close()}"loading"!==document.readyState?run():document.addEventListener("DOMContentLoaded",(function(){run()}));
\ No newline at end of file
diff --git a/src/Symfony/Bundle/Resources/public/swagger-ui/oauth2-redirect.js b/src/Symfony/Bundle/Resources/public/swagger-ui/oauth2-redirect.js
new file mode 100644
index 0000000000..af2f1342f9
--- /dev/null
+++ b/src/Symfony/Bundle/Resources/public/swagger-ui/oauth2-redirect.js
@@ -0,0 +1 @@
+"use strict";function run(){var e,r,t,a=window.opener.swaggerUIRedirectOauth2,o=a.state,n=a.redirectUrl;if((t=(r=/code|token|error/.test(window.location.hash)?window.location.hash.substring(1).replace("?","&"):location.search.substring(1)).split("&")).forEach((function(e,r,t){t[r]='"'+e.replace("=",'":"')+'"'})),e=(r=r?JSON.parse("{"+t.join()+"}",(function(e,r){return""===e?r:decodeURIComponent(r)})):{}).state===o,"accessCode"!==a.auth.schema.get("flow")&&"authorizationCode"!==a.auth.schema.get("flow")&&"authorization_code"!==a.auth.schema.get("flow")||a.auth.code)a.callback({auth:a.auth,token:r,isValid:e,redirectUrl:n});else if(e||a.errCb({authId:a.auth.name,source:"auth",level:"warning",message:"Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"}),r.code)delete a.state,a.auth.code=r.code,a.callback({auth:a.auth,redirectUrl:n});else{let e;r.error&&(e="["+r.error+"]: "+(r.error_description?r.error_description+". ":"no accessCode received from the server. ")+(r.error_uri?"More info: "+r.error_uri:"")),a.errCb({authId:a.auth.name,source:"auth",level:"error",message:e||"[Authorization failed]: no accessCode received from the server"})}window.close()}"loading"!==document.readyState?run():document.addEventListener("DOMContentLoaded",(function(){run()}));
\ No newline at end of file
diff --git a/tests/Symfony/Bundle/SwaggerUi/OAuth2RedirectAssetsTest.php b/tests/Symfony/Bundle/SwaggerUi/OAuth2RedirectAssetsTest.php
new file mode 100644
index 0000000000..cbdb04d5ca
--- /dev/null
+++ b/tests/Symfony/Bundle/SwaggerUi/OAuth2RedirectAssetsTest.php
@@ -0,0 +1,46 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Tests\Symfony\Bundle\SwaggerUi;
+
+use PHPUnit\Framework\Attributes\DataProvider;
+use PHPUnit\Framework\TestCase;
+
+final class OAuth2RedirectAssetsTest extends TestCase
+{
+    #[DataProvider('provideSwaggerUiAssetDirectories')]
+    public function testOAuth2RedirectScriptIsShippedAlongsideHtml(string $directory): void
+    {
+        $html = $directory.'/oauth2-redirect.html';
+        $script = $directory.'/oauth2-redirect.js';
+
+        $this->assertFileExists($html, \sprintf('Expected %s to be present.', $html));
+        $this->assertStringContainsString(
+            'oauth2-redirect.js',
+            (string) file_get_contents($html),
+            \sprintf('%s should load oauth2-redirect.js.', $html)
+        );
+        $this->assertFileExists(
+            $script,
+            \sprintf('%s is referenced by oauth2-redirect.html but is missing on disk.', $script)
+        );
+    }
+
+    public static function provideSwaggerUiAssetDirectories(): iterable
+    {
+        $root = \dirname(__DIR__, 4);
+
+        yield 'symfony bundle' => [$root.'/src/Symfony/Bundle/Resources/public/swagger-ui'];
+        yield 'laravel package' => [$root.'/src/Laravel/public/swagger-ui'];
+    }
+}
diff --git a/update-js.sh b/update-js.sh
index bf4a295058..19d7d2f12e 100755
--- a/update-js.sh
+++ b/update-js.sh
@@ -68,6 +68,7 @@ cp node_modules/swagger-ui/dist/swagger-ui-standalone-preset.js "$dest"
 cp node_modules/swagger-ui/dist/swagger-ui.css "$dest"
 cp node_modules/swagger-ui/dist/swagger-ui.css.map "$dest"
 cp node_modules/swagger-ui/dist/oauth2-redirect.html "$dest"
+cp node_modules/swagger-ui/dist/oauth2-redirect.js "$dest"
 
 dest="${public}redoc/"
 if [[ -d "$dest" ]]; then