WebMapTileServiceImageryProvider Authentication Token

1. A concise explanation of the problem you're experiencing.
I would like to load WMTS imagery from a server that requires authentication (a bearer token). Each tile request requires the token in the request header. The WebMapTileServiceImageryProvider API does not appear to expose such a token or the request headers. Therefore, I am not able to request WMTS imagery from my server using WebMapTileServiceImageryProvider.

2. A minimal code example. If you've found a bug, this helps us reproduce and repair it.
This is an example of how I would like to use the API:

var wmtsImagery = new Cesium.WebMapTileServiceImageryProvider({
    url : ‘https://example.com/wmts/’,
    token : ‘theBearerToken’,// pass in the token here

3. Context. Why do you need to do this? We might know a better way to accomplish your goal.
Should I create my own imagery provider using the ImageryProvider interface as described here https://cesiumjs.org/tutorials/Imagery-Layers-Tutorial/#imagery-providers? This provider would essentially be exactly the same as the WebMapTileServiceImageryProvider, only it would allow an optional token to be part of each request. Or perhaps I should submit a pull request. I have not fully investigated how difficult this implementation would be.

4. The Cesium version you're using, your operating system and browser.
Cesium: 1.39.0
OS: Ubuntu 16.04
Browser: Chrome 62.0.3202.94 64-bit

Thank you,

Curious if anyone has any thoughts on this. Thanks for your help!

WMTS, like most imagery providers, uses the JavaScript Image API to request tiles, which is the method with the best performance. Unfortunately, that browser API does not provide any mechanism to set request headers.

Work is currently being done to refactor the process by which remote resources are loaded in Cesium: https://github.com/AnalyticalGraphicsInc/cesium/pull/6035 However, this is still in the early stages at this point.

In the current code, it would be much less work if you can provide your access token via query parameters. Perhaps you could check to see if the server supports that alternate mechanism.

If not, then it would be possible to use the loadBlob function in Cesium to load the image into a blob using XHR (which allows request headers), then convert to an image, similar to what is done in the loadImageViaBlob function. This would be major changes to the existing provider, so perhaps making a new provider for your own purpose would be the best approach.

Thank you for your quick reply and for this information. I will check if my server allows the token to be sent via query parameters and also look in to making a new provider.