Adding token from sessionstorage to Authorization Header

We are embedding Python Bokeh 2.2.1 in another application. We protect the Bokeh application using a sidecar OpenID Connect Keycloak Gatekeeper container. This Gatekeeper accepts an access token either in a cookie or in an Authorization header. Because we migrated from an OAuth backend-for-frontend architecture to fully browser-based authentication, the access token is now only available in sessionStorage and no longer in a cookie. In the past embedding this application worked fine for authentication, because the cookie is always passed along in calls to the backend, but this no longer works because sessionStorage is not passed to the backend.

The token is specifically available in sessionStorage under the key “oidc.user:url/realms/xx:yy” in a JSON object with an attribute called access_token. This access token needs to be passed along in the Authorization header (“Authorization”: “Bearer ” Websocket connection to the backend.

Is there a way to hook into Bokeh so that javascript code obtains the access token from sessionStorage and passes it along in the Authorization header to calls to Bokeh?

It’s impossible to add an authorization header to a WebSocket, so this approach is not viable.