Not working when using cookie authentication #829

Closed
1111mp opened this issue Dec 30, 2023 · 1 comment

1111mp commented Dec 30, 2023

[Screenshots: 2023-12-30 at 17 39 09, 2023-12-30 at 17 44 18]

The cookie is not carried in the request header.

I'm not sure if it has anything to do with "When using cookie authentication use document.cookie".

This is the Cargo.toml file of my project:

```toml
[package]
name = "axum-web"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[workspace]
members = [".", "entity", "migration"]

[dependencies]
entity = { path = "entity" }
migration = { path = "migration" }
axum = { version = "0.7.2", features = ["multipart"] }
axum-macros = "0.4.0"
dotenvy = "0.15.7"
sea-orm = { version = "0.12.10", features = [
  "debug-print",
  "sqlx-mysql",
  "runtime-tokio-native-tls",
  "macros",
] }
serde = { version = "1.0.193", features = ["derive"] }
serde_json = "1.0.108"
tokio = { version = "1.35.0", features = ["full"] }
tokio-util = { version = "0.7.10", features = ["io"] }
tower-http = { version = "0.5.0", features = ["cors"] }
tracing-subscriber = "0.3.18"
jsonwebtoken = "9.2.0"
bcrypt = "0.15.0"
chrono = "0.4.31"
tower-cookies = "0.10.0"
tower = "0.4.13"
validator = { version = "0.15", features = ["derive"] }
thiserror = "1.0.51"
anyhow = "1.0.76"
futures = "0.3.30"
utoipa = { version = "4.1.0", features = ["axum_extras"] }
utoipa-swagger-ui = { version = "5.0.0", features = ["axum"] }
```
```rust
// ......

#[derive(OpenApi)]
#[openapi(
    paths(
        User::create_one, User::delete_one, User::user_signin
    ),
    components(
        schemas(
            Schema::RespError,
            User::RespForUser, User::UserInfo, User::CreateUser, User::DeleteUser, User::DeleteUserOpt, User::LoginUser)
    ),
    modifiers(&SecurityAddon),
    tags(
        (name = "User", description = "User items management API"),
        (name = "Post", description = "Post items management API")
    )
)]
pub struct ApiDoc;

pub struct SecurityAddon;

impl Modify for SecurityAddon {
    fn modify(&self, openapi: &mut utoipa::openapi::OpenApi) {
        if let Some(components) = openapi.components.as_mut() {
            components.add_security_scheme(
                "app_auth_key",
                SecurityScheme::ApiKey(ApiKey::Cookie(ApiKeyValue::new("app_auth_key"))),
            )
        }
    }
}

// .......

/// Delete User by id
///
/// Delete User by id. Returns either 200 success or 404 with RespError if User is not found.
#[utoipa::path(
        delete,
        path = "/api/v1/user/{id}",
        responses(
            (status = 200, description = "User delete done successfully", body = RespError),
            (status = 401, description = "Unauthorized to delete User", body = RespError),
            (status = 404, description = "User not found", body = RespError)
        ),
        params(
            ("id" = i32, Path, description = "User database id"),
            ("thoroughly" = Option<bool>, Query, description = "Whether to completely delete all user related information, default value is false")
        ),
        security(
            ("app_auth_key" = [])
        )
    )]
#[debug_handler]
pub(crate) async fn delete_one(
    State(state): State<AppState>,
    cookies: Cookies,
    PathParser(input): PathParser<DeleteUser>,
    QueryParser(opt): QueryParser<DeleteUserOpt>,
) -> Result<Response, KnownError> {
    // ......
}

// .......
```

I have only just learned Rust, so please feel free to correct me if there is anything wrong with the questions I asked. Thank you so much.

@chris-crispin

Perhaps this is because the cookie is currently set with the Swagger UI path; therefore, it will not be sent as part of any requests routing through differing paths. That's what I think I'm seeing as the default behaviour. Am I missing a way to configure this in Swagger UI?

@1111mp 1111mp closed this as completed Mar 19, 2024
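
The path scoping suspected in the second comment corresponds to the default-path and path-match rules of RFC 6265, section 5.1.4. The sketch below is an added example, not code from this issue or from utoipa; the host, port and `/swagger-ui/` mount point are assumptions, and only `/api/v1/user/{id}` comes from the handler posted above.

```javascript
// RFC 6265 5.1.4: path a cookie gets when it is stored without a usable Path attribute.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== "/") return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// RFC 6265 5.1.4: does the stored cookie path match the path of an outgoing request?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary: "/swagger-ui" must not match "/swagger-ui-x".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Would a host-only cookie stored while viewing `setFromUrl` be attached to `requestUrl`?
// `explicitPath` is the Path attribute, or undefined when the cookie was set without one.
function cookieWouldBeSent(setFromUrl, explicitPath, requestUrl) {
  const setFrom = new URL(setFromUrl);
  const target = new URL(requestUrl);
  if (setFrom.hostname !== target.hostname) return false; // cookies ignore the port
  const usable = typeof explicitPath === "string" && explicitPath.startsWith("/");
  const cookiePath = usable ? explicitPath : defaultPath(setFrom.pathname);
  return pathMatches(target.pathname, cookiePath);
}

// Constructed sample URLs (assumed deployment, not taken from the issue).
const UI_PAGE = "http://localhost:3000/swagger-ui/index.html";
const API_CALL = "http://localhost:3000/api/v1/user/1";

function demo() {
  return [
    { path: undefined, sent: cookieWouldBeSent(UI_PAGE, undefined, API_CALL) },
    { path: "/", sent: cookieWouldBeSent(UI_PAGE, "/", API_CALL) },
    { path: "/api", sent: cookieWouldBeSent(UI_PAGE, "/api", API_CALL) },
  ];
}

for (const row of demo()) {
  console.log(`Path=${row.path ?? "(default)"} -> sent to API: ${row.sent}`);
}
```

A cookie scoped to `Path=/` is attached to every request on the host, so the server-side attributes (`HttpOnly`, `Secure`, `SameSite`) still need to be set where the real session cookie is issued.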