diff --git a/CHANGELOG.md b/CHANGELOG.md
index e15adac..85bd3fa 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 ## Development
+- Allow authorization via tokens, in addition to browser cookies and api keys.
+
 ## [0.2.7](https://github.com/berlinonline/ckanext-berlinauth/releases/tag/0.2.7)
 _(2024-07-22)_
diff --git a/ckanext/berlinauth/VERSION b/ckanext/berlinauth/VERSION
index b003284..b66b2ce 100644
--- a/ckanext/berlinauth/VERSION
+++ b/ckanext/berlinauth/VERSION
@@ -1 +1 @@
-0.2.7
+0.2.7-dev
\ No newline at end of file
diff --git a/ckanext/berlinauth/auth_middleware.py b/ckanext/berlinauth/auth_middleware.py
index 06579be..6df9b37 100644
--- a/ckanext/berlinauth/auth_middleware.py
+++ b/ckanext/berlinauth/auth_middleware.py
@@ -6,6 +6,7 @@
 import logging
 import re
+import ckan.lib.api_token as api_token
 import ckan.lib.base as base
 import ckan.model as model
 from ckan.plugins.toolkit import config, asbool
@@ -86,6 +87,9 @@ def __call__(self, environ, start_response):
 start_response(status, headers)
 return [b'']
+ # TODO: instead of using this hacky function, we should maybe use ckan.views.identify_user()
+ # Problem: it will crash saying there is no application context (Flask)
+ # How do we get one?
 def _get_user_for_apikey(self, environ):
 # Adapted from https://github.com/ckan/ckan/blob/625b51cdb0f1697add59c7e3faf723a48c8e04fd/ckan/lib/base.py#L396
 apikey_header_name = config.get(base.APIKEY_HEADER_NAME_KEY,
@@ -105,4 +109,6 @@ def _get_user_for_apikey(self, environ):
 # check if API key is valid by comparing against keys of registered users
 query = model.Session.query(model.User)
 user = query.filter_by(apikey=apikey).first()
+ if not user:
+ user = api_token.get_user_from_token(apikey)
 return user
diff --git a/ckanext/berlinauth/plugin.py b/ckanext/berlinauth/plugin.py
index 7694be5..9e29ce0 100644
--- a/ckanext/berlinauth/plugin.py
+++ b/ckanext/berlinauth/plugin.py
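Review bot: The TODO added above `_get_user_for_apikey` in the `-86,6 +87,9` hunk records that this method is a hand-maintained copy of CKAN's own user identification, but nothing tells a reader which credentials the copy accepts or where it is known to differ. Since this method decides who a request is authenticated as, I would turn the note into a docstring on the method saying that it accepts both legacy API keys and API tokens and returns a falsy value when neither matches. The open question about the Flask application context belongs in a tracked issue referenced from that docstring. The method body continues outside the hunk.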
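Review bot: In the `-105,4 +109,6` hunk the new fallback hands the raw header value to `api_token.get_user_from_token(apikey)` with no error handling and no check on the resolved account. The middleware therefore depends on that helper returning a falsy value, rather than raising, for malformed or revoked tokens, and on a later check, not visible here, to reject deleted or pending users. `_get_user_for_apikey` starts outside the hunk, so how an empty or missing header is handled before this point cannot be confirmed. I would add a comment above the fallback, `# no user with this legacy API key: try the value as an API token`, and tests covering a valid token, a revoked token and a garbage header value. Every request with an unknown key now also goes through token decoding, so it is worth checking that this path records failed attempts without logging the credential itself.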
@@ -120,4 +120,9 @@ def get_actions(self):
 # -------------------------------------------------------------------
 def make_middleware(self, app, config):
- return AuthMiddleware(app, config)
\ No newline at end of file
+ return AuthMiddleware(app, config)
+
+ # from ckan.config.middleware.flask_app import CKANFlask
+ # if isinstance(app, CKANFlask):
+ # app.wsgi_app = FeedMiddleware(app.wsgi_app)
+ # return app
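Review bot: The block added after `return AuthMiddleware(app, config)` in `make_middleware` is commented-out code, and it sits after the `return`, so it could not run as placed even if uncommented. It names `CKANFlask` and `FeedMiddleware`, and `FeedMiddleware` is neither defined nor imported in the lines shown. This method is where the auth middleware is wired in, so a leftover alternative here makes it harder to see which wrapper actually protects the app. I would drop the block, or replace it with a one-line TODO that states the intent and links an issue, because the commit does not say what it is for.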