diff --git a/src/DigitalData.Auth.API/Config/AuthApiParams.cs b/src/DigitalData.Auth.API/Config/AuthApiParams.cs
index b8c6c39..8a99e8e 100644
--- a/src/DigitalData.Auth.API/Config/AuthApiParams.cs
+++ b/src/DigitalData.Auth.API/Config/AuthApiParams.cs
@@ -12,6 +12,8 @@ namespace DigitalData.Auth.API.Config
 public string DefaultCookieName { get; init; } = "AuthToken";
+ public string DefaultQueryStringKey { get; init; } = "AuthToken";
+
 public required string Issuer { get; init; }
 public bool RequireHttpsMetadata { get; init; } = true;
diff --git a/src/DigitalData.Auth.API/Program.cs b/src/DigitalData.Auth.API/Program.cs
index 71dd06e..81f6330 100644
--- a/src/DigitalData.Auth.API/Program.cs
+++ b/src/DigitalData.Auth.API/Program.cs
@@ -102,43 +102,16 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
 {
 OnMessageReceived = context =>
 {
- // if there is no token read related cookie
- if (context.Token is null // if there is no token
- && context.Request.Cookies.TryGetValue(apiParams!.DefaultCookieName, out var token) // get token from cookies
- && token is not null)
- context.Token = token;
+ // if there is no token read related cookie or query string
+ if (context.Token is null) // if there is no token
+ {
+ if (context.Request.Cookies.TryGetValue(apiParams!.DefaultCookieName, out var cookieToken) && cookieToken is not null)
+ context.Token = cookieToken;
+ else if (context.Request.Query.TryGetValue(apiParams.DefaultQueryStringKey, out var queryStrToken))
+ context.Token = queryStrToken;
+ }
 return Task.CompletedTask;
- },
- };
- });
-
-builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
- .AddJwtBearer(options =>
- {
- options.RequireHttpsMetadata = apiParams!.RequireHttpsMetadata;
- options.ClaimsIssuer = apiParams!.Issuer;
- options.Audience = apiParams.LocalConsumer.Audience;
- options.TokenValidationParameters = new()
- {
- ValidateIssuer = true,
- ValidIssuer = apiParams!.Issuer,
- ValidateAudience = true,
- ValidAudience = apiParams.LocalConsumer.Audience,
- ValidateLifetime = true,
- IssuerSigningKey = issuerSigningKeyInitiator?.Value
- };
-
- options.Events = new JwtBearerEvents
- {
- OnMessageReceived = context =>
- {
- // if there is no token read related cookie
- if (context.Token is null // if there is no token
- && context.Request.Cookies.TryGetValue(apiParams!.DefaultCookieName, out var token) // get token from cookies
- && token is not null)
- context.Token = token;
- return Task.CompletedTask;
- },
+ }
 };
 });
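Review bot: The new `else if` branch in `OnMessageReceived` accepts the bearer token from the query string on every endpoint, and a token carried in a URL ends up in access and proxy logs, browser history and `Referer` headers, where it stays usable until it expires. Because `DefaultQueryStringKey` defaults to `"AuthToken"` in AuthApiParams.cs, this is enabled for every deployment; consider making it opt-in and limiting it to the routes that cannot send a header or cookie, e.g. `else if (context.Request.Path.StartsWithSegments("<ALLOWED_PATH>") && context.Request.Query.TryGetValue(apiParams.DefaultQueryStringKey, out var queryStrToken))`. The branch also has no counterpart to the cookie branch's `is not null` guard, so an empty or repeated parameter is assigned as-is; `&& !StringValues.IsNullOrEmpty(queryStrToken)` would close that. A comment on the branch naming the clients that need query-string tokens would document why the fallback exists. The enclosing `AddJwtBearer` call begins outside the hunk.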