Advanced authorization plugin - Send token from GET as header

We have implemented the advanced authorization plugin with stone webviewer in an iframe where the token gets injected via url query parameter. This works great and Orthanc ask our back-end api configured in WebServiceTokenValidationUrl with the token in an Authorization header.

We would like to provide option for user to download an archive, and have added an anchor-tag with href to /studies/{id}/archive?token={user-token}. This does however not work since the token is only added to the request body, not as a header. I tried cloning the source code for the advanced authroization plugin and added the following:

// AuthorizationWebService.cpp, row 132
else if (token != NULL && token->GetType() == TokenType_GetArgument){
  authClient.AddHeader(token->GetKey(), tokenValue);
}

After recompiling and using the plugin this works as expected. Could this be of interest to the comunity? I would of course prefer not to have to compile the plugin separately from mainstream for this specific issue and I think token in headers is a common practice. Or atleast if this could be configureable to add get-tokens as headers when authorizing.

1 Like

Hi @andreas.sundstrom

Yes, that makes sense ! And I had this project opened right now so I made the change.

Thanks,

Alain

Thanks @alainmazy !