diff --git a/kamailio/authorization.cfg b/kamailio/authorization.cfg
index 579fab4..2b89167 100644
--- a/kamailio/authorization.cfg
+++ b/kamailio/authorization.cfg
@@ -13,19 +13,25 @@ modparam("statistics","variable", "auth:authn_unknown")
 route[AUTHORIZATION]
 {
- if (isflagset(FLAG_INTERNALLY_SOURCED)) {
+ if (isflagset(FLAG_AUTHORIZED)) {
 return;
- }
+ }
- if (isflagset(FLAG_AUTHORIZED)) {
+ if (isflagset(FLAG_INTERNALLY_SOURCED)) {
+ setflag(FLAG_AUTHORIZED);
 return;
 }
 if (!is_method("INVITE|REFER|MESSAGE|NOTIFY|SUBSCRIBE|PUBLISH")) {
- setflag(FLAG_AUTHORIZED);
+ setflag(FLAG_AUTHORIZED);
 return;
 }
+ if (has_totag()) {
+ setflag(FLAG_AUTHORIZED);
+ return;
+ }
+
 route(AUTHORIZATION_CHECK);
 if (!isflagset(FLAG_AUTHORIZED)) {
@@ -84,6 +90,18 @@ route[HANDLE_AUTHORIZATION]
 exit;
 }
+ if (!is_method("INVITE|REFER|MESSAGE|NOTIFY|SUBSCRIBE|PUBLISH")) {
+ consume_credentials();
+ route(MAIN);
+ exit;
+ }
+
+ if (has_totag()) {
+ consume_credentials();
+ route(MAIN);
+ exit;
+ }
+
 $var(amqp_payload_request) = $_s({"Event-Category" : "directory" , "Event-Name" : "authn_req", "Method" : "REGISTER", "Auth-Nonce" : "$adn", "Auth-Realm" : "$fd", "Auth-User" : "$fU", "From" : "$fu", "To" : "$tu", "Orig-IP" : "$si", "Orig-Port" : "$sp", "User-Agent" : "$(ua{s.escape.common}{s.replace,\','}{s.replace,$$,})", "Contact" : "$(ct{s.escape.common}{s.replace,\','}{s.replace,$$,})", "Call-ID" : "$ci" });
 $var(amqp_routing_key) = $_s($def(REGISTRAR_AMQP_RK_PREFIX)$(fd{kz.encode}));
 $avp(kz_timeout) = $sel(cfg_get.kazoo.registrar_query_timeout_ms);
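Review bot: In the first hunk (route[AUTHORIZATION]), the added `if (has_totag())` branch sets FLAG_AUTHORIZED on the presence of a To tag alone, and the To tag is supplied by the sender, so an INVITE, REFER or MESSAGE carrying any tag never reaches route(AUTHORIZATION_CHECK). Nothing visible in this hunk ties the request to a dialog or route set the proxy already knows. If a later route rejects in-dialog requests that match nothing, record that here with a comment such as `# in-dialog: unmatched requests are rejected in <route name>`; otherwise gate the branch on that lookup rather than on has_totag() by itself. The same condition is added to route[HANDLE_AUTHORIZATION] in the second hunk, where it also calls consume_credentials() on credentials that were never checked. The route body continues past the end of the hunk.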
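Review bot: In the second hunk (route[HANDLE_AUTHORIZATION]), both new branches re-enter route(MAIN) without recording a decision, so they depend on route[AUTHORIZATION] reaching the same outcome from its own copy of the method list and the has_totag() test. The literal `"INVITE|REFER|MESSAGE|NOTIFY|SUBSCRIBE|PUBLISH"` now lives in two routes, and if the copies drift a request with credentials could presumably be handed back and forth between MAIN and this route. I would keep the list in one definition, or at least add `# must match the bypass conditions in route[AUTHORIZATION]` above the first new `if`. The route starts before the hunk and continues after it.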
@@ -140,16 +158,14 @@ route[KZ_AUTHORIZATION_CHECK_RESPONSE]
 route(ANITFLOOD_FAILED_AUTH);
 #!endif
 xlog("L_WARNING", "$ci|end|auth|$mbu\n");
- send_reply("403", "Forbidden");
 exit;
 }
 consume_credentials();
 route(SETUP_AUTH_ORIGIN);
- $xavp(ulattrs=>custom_channel_vars) = $(kzR{kz.json,Custom-Channel-Vars});
- $xavp(ulattrs[0]=>token) = $_s($(kzR{kz.json,Custom-Channel-Vars.Authorizing-ID})@$(kzR{kz.json,Custom-Channel-Vars.Account-ID}));
- setflag(FLAG_AUTHORIZED);
+ $xavp(hf[0]=>X-AUTH-Token) = $_s($(kzR{kz.json,Custom-Channel-Vars.Authorizing-ID})@$(kzR{kz.json,Custom-Channel-Vars.Account-ID}));
+ setflag(FLAG_AUTHORIZED);
 route(MAIN);
 exit;
 }
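Review bot: With `send_reply("403", "Forbidden");` removed, the failed-authorization branch now logs and calls `exit;` without answering, and the only other action there, route(ANITFLOOD_FAILED_AUTH), sits inside a conditional block closed by `#!endif`. If the silent drop is intended, a comment such as `# no reply on failed auth: the sender is left to time out` would record that; if it is not, the sender will retransmit and, unless retransmissions are absorbed elsewhere, each one may repeat the authorization query. Separately, the token is now stored as `$xavp(hf[0]=>X-AUTH-Token)`; if that is later written out as a SIP header, a copy of X-AUTH-Token arriving from outside should be removed on paths that never reach this line, and no such removal is visible here. The route starts before the hunk.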