Mercurial > hg > orthanc-authorization
changeset 59:a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
author | Alain Mazy <am@osimis.io> |
---|---|
date | Thu, 10 Nov 2022 10:25:01 +0100 |
parents | ad279c70c22d |
children | a2ed57d8a2f0 |
files | NEWS Plugin/AuthorizationWebService.cpp |
diffstat | 2 files changed, 16 insertions(+), 5 deletions(-) |
--- a/NEWS Wed Nov 09 18:17:03 2022 +0100 +++ b/NEWS Thu Nov 10 10:25:01 2022 +0100 @@ -7,7 +7,11 @@ * new configuration option "StandardConfigurations" to replace multiple configurations. Allowed values: "osimis-web-viewer", "stone-webviewer" * added support for QIDO-RS query arguments (e.g: /dicom-web/studies?0020000D=1.2.3&...) - +* possible BREAKING_CHANGE: if "TokenHttpHeaders" is set to "Authorization" and if + "WebServiceUsername" is defined, the "Authorization" header of the HTTP request + sent to the auth-service will contain the basic auth info from WebServiceUsername and + WebServicePassword. You should get the "Authorization" value from the token-value field + of the payload sent to the auth-service. 2022-09-26 - v 0.3.0 ====================
--- a/Plugin/AuthorizationWebService.cpp Wed Nov 09 18:17:03 2022 +0100 +++ b/Plugin/AuthorizationWebService.cpp Thu Nov 10 10:25:01 2022 +0100 @@ -21,6 +21,7 @@ #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" #include <Logging.h> +#include <Toolbox.h> namespace OrthancPlugins { @@ -93,10 +94,16 @@ token->GetType() == TokenType_HttpHeader) { // If the token source is a HTTP header, forward it also as a - // HTTP header - headersKeys[headersCount] = token->GetKey().c_str(); - headersValues[headersCount] = tokenValue.c_str(); - headersCount++; + // HTTP header except if it is the Authorization header that might conflict with username_ and password_ + std::string lowerTokenKey; + Orthanc::Toolbox::ToLowerCase(lowerTokenKey, token->GetKey()); + + if (!(lowerTokenKey == "authorization" && !username_.empty())) + { + headersKeys[headersCount] = token->GetKey().c_str(); + headersValues[headersCount] = tokenValue.c_str(); + headersCount++; + } } // set the correct content type for the outgoing
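Review bot: The new NEWS entry gives the condition as "TokenHttpHeaders" set to "Authorization", but the code in Plugin/AuthorizationWebService.cpp lower-cases the token key before comparing, so any capitalisation of the header name triggers the same behaviour; the entry should say the match is case-insensitive. It would also help to state outright that in this case the incoming token is no longer forwarded as an HTTP header and is only available in the token-value field of the payload, since that is the part an auth-service integrator has to act on.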
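Review bot: In the last hunk of Plugin/AuthorizationWebService.cpp the token header is dropped silently when `lowerTokenKey == "authorization" && !username_.empty()`; Logging.h is already included, so log a line when the header is skipped, so that an operator whose auth-service stops seeing the user's token in the Authorization header can tell why. The doubly negated test `!(lowerTokenKey == "authorization" && !username_.empty())` is also hard to read; a named boolean (for example `conflictsWithBasicAuth`) negated once would state the intent directly. The comment mentions both username_ and password_, but only username_ is checked, so the comment should be adjusted to match the check.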