1 files changed, 4 insertions, 2 deletions

diff --git a/bin/api b/bin/api
index 53326388..dbec0d93 100755
--- a/bin/api
+++ b/bin/api
@@ -95,9 +95,11 @@ class API
   private
 
   def authorized?(request, permission, resource = Organization.new(id: 1))
-    token = request&.get_header('HTTP_AUTHORIZATION')&.split(' ', 2)&.last
+    authorization = Rack::Auth::AbstractRequest.new(request.env)
+    return false unless authorization.provided?
+
     response = rpc.allowed(
-      subject: token,
+      subject: authorization.params,
       permission: permission,
       resource: ::GlobalID.create(resource, app: "example").to_s
     )