Hi switzer,
I think I might know what's happening...
There is an issue with Cookies, that we have an initial ( not ideal ) solution.
SwaggerHub.com uses cookies to keep a session active for users. As such, cookies get sent back and forth between the "Try it out" form and the internal proxy ( the proxy is there to circumnavigate CORS issues).
Since many servers can be quite strict in what headers they receive, we've had to ensure that our cookie sessions don't follow the request.
So our intermediary solution is the Authentication system.
If you define a securityDefinition followed by a security in each operation that needs authentication, then you can "log in" with the Try it out form. What it does is add a header ( or query ) of your choosing to each request. Unfortunately, ( and this is the "not ideal" part). You'll have to make this a two part process.
> For the `securityDefinitions` and `security` in your schema... exmple: https://swaggerhub.com/api/ponelat/with-cookies/1/edit and reference: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#securityDefinitionsObject
Once you've set it up..
1. Get your cookie string by calling your endpoint, then looking at the Response Headers for "set-cookie"
2. Authenticate your session by clicking on the "Authorize button"
2.1 Then you can paste your cookie string. And subsequent requests ( that have the security property ) will include the Cookie header.
Happy Developing!
Josh
FWIW I installed Swagger UI on my machine, and the API works as expected when I load the UI as a file://...
When i load as "http://localhost:8080..." it does not work.
Separately, we rolled out our API with an API key, so I am going to pursue this path instead.
