Token is sent in the header, not in the cookie #838

Closed
KarolBorkowski opened this issue Oct 24, 2022 · 2 comments

@KarolBorkowski

Describe the bug
I'm using a custom JWT authentication sent in a cookie. When I authorize using the green button in the swagger-generated API, the authorization token is sent in the header, not in the cookie.

To Reproduce

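```python
from drf_spectacular.extensions import OpenApiAuthenticationExtension

# JWTCookieAuthentication is the project's custom DRF authentication class
# (its definition and import are not shown in the issue).


class JWTCookieAuthenticationScheme(OpenApiAuthenticationExtension):
    name = "JWTCookieAuthenticationScheme"
    target_class = JWTCookieAuthentication

    def get_security_definition(self, auto_schema):
        # OpenAPI 3 apiKey scheme carried in a cookie named "jwt"
        return {
            'type': 'apiKey',
            'in': 'cookie',
            'name': 'jwt',
        }
```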

Expected behavior
The authorization data is sent in the cookie.

At the moment, the generated CURL command is the following:

```bash
curl -X 'GET' \
  'http://localhost:8001/user/Karol/' \
  -H 'accept: application/json' \
  -H 'Cookie: jwt=12345'
```

I'd rather expect something like this:

```bash
curl -X 'GET' \
  'http://localhost:8001/user/Karol/' \
  -H 'accept: application/json' \
  --cookie 'jwt=12345'
```

Is it a bug, or am I doing something wrong? Thanks in advance!

@tfranzel
Owner

I see. There is nothing wrong with your extensions. As a matter of fact we use exactly that notation multiple times. You could call that an upstream issue I suppose.

We generate the security scheme exactly as expected per OpenAPI 3: https://swagger.io/docs/specification/authentication/cookie-authentication/ That is the only way I know how to set a cookie in the schema.

What SwaggerUI decides to do with it is outside of your reach and scope. We have no control over how they generate that curl snippet. You may have to file an issue at SwaggerUI.

@KarolBorkowski
Author

KarolBorkowski commented Nov 2, 2022

It's a known issue in SwaggerUI. I paste the link in case somebody is interested: swagger-api/swagger-js#1163
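
Added example, not part of the thread and not code from drf-spectacular or SwaggerUI: a standard-library sketch of how the `in` field of an OpenAPI 3 `apiKey` scheme maps onto an HTTP request, using the security definition from the issue and generalized to `header` and `query` as well. The helper names `apply_api_key` and `extract_api_key` are hypothetical; for `in: cookie` the credential travels as a name/value pair inside the `Cookie` request header, which is also what curl's `--cookie 'jwt=12345'` puts on the wire.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode, urlsplit

# Security definition copied from the extension posted in this issue.
JWT_COOKIE_SCHEME = {"type": "apiKey", "in": "cookie", "name": "jwt"}


def apply_api_key(scheme, value, url, headers=None):
    """Client side: place the credential where the scheme's 'in' field says."""
    if scheme.get("type") != "apiKey":
        raise ValueError("only apiKey schemes are handled here")
    headers = dict(headers or {})
    where, name = scheme["in"], scheme["name"]
    if where == "header":
        headers[name] = value
    elif where == "query":
        sep = "&" if urlsplit(url).query else "?"
        url += sep + urlencode({name: value})
    elif where == "cookie":
        # A cookie has no transport of its own: it is one pair in the
        # Cookie request header, merged with any cookies already present.
        jar = SimpleCookie(headers.get("Cookie", ""))
        jar[name] = value
        headers["Cookie"] = "; ".join(
            f"{key}={morsel.coded_value}" for key, morsel in jar.items()
        )
    else:
        raise ValueError(f"unknown apiKey location: {where!r}")
    return url, headers


def extract_api_key(scheme, url, headers):
    """Server side: read the credential back from the same location."""
    where, name = scheme["in"], scheme["name"]
    lowered = {key.lower(): val for key, val in headers.items()}
    if where == "header":
        return lowered.get(name.lower())
    if where == "query":
        return parse_qs(urlsplit(url).query).get(name, [None])[0]
    morsel = SimpleCookie(lowered.get("cookie", "")).get(name)
    return morsel.value if morsel else None
```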
