We have implemented the advanced authorization plugin with stone webviewer in an iframe where the token gets injected via url query parameter. This works great and Orthanc ask our back-end api configured in WebServiceTokenValidationUrl
with the token in an Authorization header.
We would like to provide option for user to download an archive, and have added an anchor-tag with href to /studies/{id}/archive?token={user-token}
. This does however not work since the token is only added to the request body, not as a header. I tried cloning the source code for the advanced authroization plugin and added the following:
// AuthorizationWebService.cpp, row 132
else if (token != NULL && token->GetType() == TokenType_GetArgument){
authClient.AddHeader(token->GetKey(), tokenValue);
}
After recompiling and using the plugin this works as expected. Could this be of interest to the comunity? I would of course prefer not to have to compile the plugin separately from mainstream for this specific issue and I think token in headers is a common practice. Or atleast if this could be configureable to add get-tokens as headers when authorizing.