ATM auth support is limited, but you can add the required settings in PostProcess or with an own processor: https://github.com/RSuter/NSwag/wiki/Document-Processors-and-Operation-Processors

The answer before is just to change the spec for your needs. Maybe we also have to add more settings to configure the Swagger UI for that...,

I think I'll spend some time into NSwag and see how far I can get with it. With "we" you mean that there is no own processor or custom html template to use as override as in "me" to do so in the UI? :)

There is a processor to add scopes:
https://github.com/RSuter/NSwag/blob/master/src/NSwag.SwaggerGeneration/Processors/Security/OperationSecurityScopeProcessor.cs

But there is not processor to add auth infos except this one (Swagger 2.0 only?): https://github.com/RSuter/NSwag/blob/master/src/NSwag.SwaggerGeneration/Processors/Security/SecurityDefinitionAppender.cs

And maybe we have to add more UI configuration settings: https://github.com/RSuter/NSwag/blob/master/src/NSwag.AspNetCore/SwaggerUi3Settings.cs#L36

I'm not sure if the cookie authentication even works on swagger-ui by OAS v3 itself looking at this issue https://github.com/swagger-api/swagger-js/issues/1163