3.13.5.1.1 Query String Based Preauthentication

The request is preauthenticated if it contains a valid base64url encoded ([RFC4648] section 5) proxy token (section 3.13.5.1) from the server on the query string parameter "authToken". The token is validated according to section 3.13.5.1.

After successful pre-authentication the proxy MUST remove the authToken parameter with its value before replaying the request to the internal URL.