diff --git a/src/middleware/jwt.rs b/src/middleware/jwt.rs
index 95b4781..7dbb52d 100644
--- a/src/middleware/jwt.rs
+++ b/src/middleware/jwt.rs
@@ -29,17 +29,23 @@ impl JwtMiddleware {
         &self,
         req: &Request<Incoming>,
     ) -> Result<Claims, Box<dyn std::error::Error + Send + Sync>> {
-        let auth_header = req
-            .headers()
-            .get("Authorization")
-            .and_then(|v| v.to_str().ok())
-            .filter(|h| h.starts_with("Bearer "))
-            .map(|h| &h[7..])
-            .ok_or("No token found")?;
+        let cookie_header = req.headers().get("Cookie").and_then(|v| v.to_str().ok());
+
+        let token = cookie_header
+            .and_then(|c| c.split(';').find(|s| s.trim().starts_with("access_token=")))
+            .map(|s| s.trim().trim_start_matches("access_token="))
+            .or_else(|| {
+                req.headers()
+                    .get("Authorization")
+                    .and_then(|v| v.to_str().ok())
+                    .filter(|h| h.starts_with("Bearer "))
+                    .map(|h| &h[7..])
+            })
+            .ok_or("No token found in Cookies or Authorization header")?;
 
         let mut validation = Validation::new(Algorithm::RS256);
         validation.set_required_spec_claims(&["exp", "sub"]);
-        let token_data = decode::<Claims>(auth_header, &self.decoding_key, &validation)?;
+        let token_data = decode::<Claims>(token, &self.decoding_key, &validation)?;
 
         Ok(token_data.claims)
     }
diff --git a/src/responder.rs b/src/responder.rs
index 2e6c6e4..c2e9135 100644
--- a/src/responder.rs
+++ b/src/responder.rs
@@ -1,5 +1,5 @@
 use http::{
-    Response, StatusCode,
+    HeaderName, HeaderValue, Response, StatusCode,
     header::{CONTENT_TYPE, LOCATION},
 };
 use http_body_util::Full;
@@ -60,6 +60,20 @@ impl Responder {
             .unwrap())
     }
 
+    pub fn with_headers<B: Into<Bytes>>(
+        status: StatusCode,
+        body: B,
+        headers: Vec<(HeaderName, HeaderValue)>,
+    ) -> Result<Response<Full<Bytes>>, Infallible> {
+        let mut builder = Response::builder().status(status);
+
+        for (name, value) in headers {
+            builder = builder.header(name, value);
+        }
+
+        Ok(builder.body(Full::new(body.into())).unwrap())
+    }
+
     pub fn json_with_status<T: Serialize>(
         status: StatusCode,
         value: &T,