Forward the request headers from the frontend to the auth server

src/murfey/client/multigrid_control.py

@@ -592,7 +592,7 @@ def _start_dc(self, metadata_json, from_form: bool = False):
                 metadata_source_as_str = (
                     "/".join(source.parts[:-2])
                     + f"/{self._environment.visit}/"
-                    + source.parts[-2]
+                    + "/".join(source.parts[-2:])
                 )
                 metadata_source = Path(metadata_source_as_str.replace("//", "/"))
             ensure_dcg_exists(

src/murfey/server/api/auth.py

@@ -8,7 +8,7 @@
 
 import aiohttp
 import requests
-from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi import APIRouter, Depends, HTTPException, Request, status
 from fastapi.security import (
     APIKeyCookie,
     OAuth2PasswordBearer,
@@ -84,18 +84,22 @@ def check_user(username: str) -> bool:
     return username in [u.username for u in users]
 
 
-async def validate_token(token: Annotated[str, Depends(oauth2_scheme)]):
+async def validate_token(
+    token: Annotated[str, Depends(oauth2_scheme)],
+    request: Request,
+):
     """
     Used by the backend routers to validate requests coming in from frontend.
     """
     try:
         # Validate using auth URL if provided; will error if invalid
         if auth_url:
-            headers = (
-                {}
-                if security_config.auth_type == "cookie"
-                else {"Authorization": f"Bearer {token}"}
-            )
+            # Extract and forward headers as-is
+            headers = dict(request.headers)
+            # Update/add authorization header if authenticating using password
+            if security_config.auth_type == "password":
+                headers["authorization"] = f"Bearer {token}"
+            # Forward the cookie along if authenticating using cookie
             cookies = (
                 {security_config.cookie_key: token}
                 if security_config.auth_type == "cookie"