diff --git a/resotolib/resotolib/asynchronous/web/auth.py b/resotolib/resotolib/asynchronous/web/auth.py
index 191c7a8390..0ea16b1a37 100644
--- a/resotolib/resotolib/asynchronous/web/auth.py
+++ b/resotolib/resotolib/asynchronous/web/auth.py
@@ -38,7 +38,7 @@ def always_allowed(request: Request) -> bool:
 @middleware
 async def valid_jwt_handler(request: Request, handler: RequestHandler) -> StreamResponse:
-    auth_header = request.headers.get("authorization")
+    auth_header = request.headers.get("authorization") or request.cookies.get("resoto_authorization")
     if always_allowed(request):
         return await handler(request)
     elif auth_header:
diff --git a/resotolib/test/asynchronous/web/test_auth.py b/resotolib/test/asynchronous/web/test_auth.py
index 1faeb203ee..6f947b5b7e 100644
--- a/resotolib/test/asynchronous/web/test_auth.py
+++ b/resotolib/test/asynchronous/web/test_auth.py
@@ -40,6 +40,14 @@ async def test_correct_psk(aiohttp_client: Any, app_with_auth: Application) -> N
     assert resp.status == 200
+@mark.asyncio
+async def test_correct_psk_as_cookie(aiohttp_client: Any, app_with_auth: Application) -> None:
+    client: TestClient = await aiohttp_client(app_with_auth)
+    jwt = encode_jwt({"foo": "bla"}, "test")
+    resp = await client.get("/", cookies=CIMultiDict({"resoto_authorization": f"Bearer {jwt}"}))
+    assert resp.status == 200
+
+
 @mark.asyncio
 async def test_wrong_psk(aiohttp_client: Any, app_with_auth: Application) -> None:
     client: TestClient = await aiohttp_client(app_with_auth)
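Review bot: The cookie fallback on the `auth_header` line accepts a credential the browser attaches to every request for the site, so unlike the `authorization` header it also arrives on cross-origin requests; nothing in this hunk limits the cookie path to safe methods or checks `Origin`, and the cookie's `SameSite`/`HttpOnly` attributes are decided wherever it is issued, which is not in this diff. The rest of valid_jwt_handler continues outside the hunk, so both sources may well be validated identically further down, but header and cookie should not be treated as interchangeable unless that CSRF exposure is an accepted trade-off. The name `auth_header` is now misleading and the cookie name is a bare literal that the test duplicates; I would hoist it, `AUTH_COOKIE_NAME = "resoto_authorization"`, and read it as `request.cookies.get(AUTH_COOKIE_NAME)`. A one-line comment would also help the next reader: `# cookie fallback: per test_correct_psk_as_cookie the value carries the same "Bearer <jwt>" form as the header`.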
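Review bot: test_correct_psk_as_cookie only covers the accepted path; there is no cookie counterpart to test_wrong_psk, so a `resoto_authorization` cookie carrying a JWT signed with a different secret, or one without the `Bearer ` prefix, is not shown to be rejected, and the precedence when both header and cookie are present is untested. I would add a `test_wrong_psk_as_cookie` that mirrors test_wrong_psk with the token moved into the cookie and asserts the same status test_wrong_psk expects (its body lies outside the hunk). Minor: wrapping the cookies argument in `CIMultiDict` appears unnecessary, since cookie names are not case-insensitive; a plain dict, `cookies={"resoto_authorization": f"Bearer {jwt}"}`, reads more directly.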