OpenApi: How to define cookie in response?

Question

OpenApi allows to define cookies in request parameters. But for response all I could find is either custom headers (signal general presence of Set-Cookie, but no clue about particular cookie) or rolling custom extension (which is also very limiting, eg. lacks type and description).

How to define response cookies?

Answer 1

The OAS does not mention anything special for cookies in responses.

The swagger docs are providing an example how to define the cookies for authentication. But it is generally usable for all kind of cookies.

  responses:
    '200':
      description: >
        Successfully authenticated.
        The session ID is returned in a cookie named `JSESSIONID`. You need to include this cookie in subsequent requests.
      headers: 
        Set-Cookie:
          schema: 
            type: string
            example: JSESSIONID=abcde12345; Path=/; HttpOnly