diff --git a/Classes/Security/SessionStartingHashToken.php b/Classes/Security/SessionStartingHashToken.php
index 4af63bf..239c0bc 100644
--- a/Classes/Security/SessionStartingHashToken.php
+++ b/Classes/Security/SessionStartingHashToken.php
@@ -26,9 +26,14 @@ public function updateCredentials(ActionRequest $actionRequest)
 $authenticationHashToken = $actionRequest->getHttpRequest()->getQueryParams()['_authenticationHashToken'] ?? null;
 if (!$authenticationHashToken) {
- $authorizationHeader = $actionRequest->getHttpRequest()->getHeader('Authorization');
- if ($authorizationHeader) {
- $authenticationHashToken = str_replace('Bearer ', '', $authorizationHeader);
+ $authorizationHeaders = $actionRequest->getHttpRequest()->getHeader('Authorization');
+ if (!empty($authorizationHeaders)) {
+ foreach ($authorizationHeaders as $authorizationHeader) {
+ if (strpos($authorizationHeader, 'Bearer ') === 0) {
+ $authenticationHashToken = str_replace('Bearer ', '', $authorizationHeader);
+ break;
+ }
+ }
 }
 }
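Review bot: Inside the new `foreach`, `str_replace('Bearer ', '', $authorizationHeader)` removes every occurrence of `Bearer `, not just the prefix that the `strpos(...) === 0` check confirmed, so a credential containing that substring is silently altered before it is used. Taking the remainder explicitly is tighter: `$authenticationHashToken = substr($authorizationHeader, strlen('Bearer '));`. The prefix match is also case-sensitive, whereas HTTP authentication scheme names are case-insensitive, so `stripos($authorizationHeader, 'Bearer ') === 0` may be the safer check if clients can send `bearer`. The context line above still accepts the same token from the `_authenticationHashToken` query parameter, where it can end up in access logs and Referer headers; a short comment naming the header as the preferred transport would help. `updateCredentials` starts and ends outside this hunk.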