diff --git a/service/api_pods_podid_func.py b/service/api_pods_podid_func.py
index 2ed48ae..efe3092 100644
--- a/service/api_pods_podid_func.py
+++ b/service/api_pods_podid_func.py
@@ -341,11 +341,12 @@ async def pod_auth(pod_id_net, request: Request):
             })
 
     else:
-        authenticated, _, _ = is_logged_in(request.cookies)
+        authenticated, xTapisUsername, _ = is_logged_in(request.cookies)
         # if already authenticated, return 200, which will allow the request to continue in Traefik
         if authenticated:
+            logger.debug(f"GET /pods/{pod_id_net}/auth - pod-auth, already authenticated X-Tapis-Username: {xTapisUsername}")
             #return {'code': 200} #result = {'path':'/', 'code': 302}
-            return JSONResponse(content="Already authenticated", status_code=200)
+            return JSONResponse(content="Already authenticated", status_code=200, headers={"X-Tapis-Username": xTapisUsername})
 
         # if not authenticated, start the OAuth flow
         pod = Pod.db_get_with_pk(pod_id, tenant=g.request_tenant_id, site=g.site_id)
@@ -513,6 +514,8 @@ def callback(pod_id_net, request: Request):
         response.set_cookie("X-Tapis-Token", token, domain=domain, secure=True)
         response.set_cookie("X-Tapis-Username", username, domain=domain, secure=True)    
 
+        response.headers["X-Tapis-Username"] = username
+        response.headers["X-Tapis-Token"] = token
 
         logger.debug(f"GET /pods/{pod_id_net}/auth/callback - pod_auth_callback last bit, response: {response}, net_info: {net_info.url}")