2 years ago

#61920


Sofian Lechani

How to handle conflicting basic auth from NGINX reverse proxy with JWT auth from Django?

We have a standard Django web app running behind a reverse proxy.

I want to set up two-layer authentication: one layer at the nginx reverse proxy to shield the application (presently HTTP Basic authentication; yes, we plan to upgrade to something stronger like SSL client certificates or smartcards), and one at the application level.

However, we are currently running into an issue because the HTTP Basic Authorization header is conflicting with the Django Authorization header.

The problem arises because the JWT auth from Django requires us to fill the "Authorization" header with the token while NGINX uses another type of authentication.

I'm looking for the best way to solve this problem and have the following questions:

  1. Is it possible to require Django to use an alternative HTTP header to carry its authentication token (instead of "Authorization")?
  2. Or, conversely, is it possible to configure our nginx to use an alternative header for the HTTP Basic authentication (but it seems unlikely as it is done at the browser level), or to require nginx to do the header translation, i.e. converting headers back and forth before pushing them to the Django app?
  3. Or, even better, can we configure Django to stop using tokens and use the user authenticated by nginx?

I'm looking for a solution that allows nginx to handle security and be responsible for it, while adding another layer on top of it in Django. What would be the best solution to try?

Thanks

django

security

nginx

jwt

basic-authentication
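
Added example, not part of the original post: one way to approach options 1 and 2 at the WSGI layer, assuming the client sends the JWT in a separate `X-App-Authorization` header (a hypothetical name) while `Authorization` carries the Basic credentials for nginx. The wrapper drops the proxy's credentials and promotes the app token, so the JWT layer behind it sees an ordinary `Authorization: Bearer` header.

```python
# Added example: WSGI wrapper that separates the proxy's credentials from the app's.
# Assumption: the client sends the JWT in "X-App-Authorization" (hypothetical name),
# while "Authorization" carries the Basic credentials checked by nginx.
APP_HEADER = "HTTP_X_APP_AUTHORIZATION"  # WSGI spelling of X-App-Authorization


def rewrite_auth(environ, app_header=APP_HEADER):
    """Replace the proxy's Authorization value with the app token, in place."""
    # Proxy-layer credentials are always dropped so the app never sees them.
    environ.pop("HTTP_AUTHORIZATION", None)
    scheme, _, token = environ.pop(app_header, "").strip().partition(" ")
    token = token.strip()
    # Only a well-formed "Bearer <token>" is promoted; anything else leaves the
    # request without Authorization, so the JWT layer sees no credentials.
    if scheme.lower() == "bearer" and token and " " not in token:
        environ["HTTP_AUTHORIZATION"] = "Bearer " + token
    return environ


class SplitAuthHeaderMiddleware:
    """Wrap a WSGI app, e.g. the object returned by get_wsgi_application()."""

    def __init__(self, app, app_header=APP_HEADER):
        self.app = app
        self.app_header = app_header

    def __call__(self, environ, start_response):
        rewrite_auth(environ, self.app_header)
        return self.app(environ, start_response)


def seen_by_app(environ):
    """Run a constructed request through the wrapper; return what the app saw."""
    seen = {}

    def inner(env, start_response):
        seen["auth"] = env.get("HTTP_AUTHORIZATION")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    wrapped = SplitAuthHeaderMiddleware(inner)
    b"".join(wrapped(dict(environ), lambda status, headers: None))
    return seen["auth"]


if __name__ == "__main__":
    # Constructed sample request: Basic for nginx, Bearer for the application.
    print(seen_by_app({"HTTP_AUTHORIZATION": "Basic dXNlcjpwYXNz",
                       "HTTP_X_APP_AUTHORIZATION": "Bearer aaa.bbb.ccc"}))
```

Because the Basic value is removed before the application runs, the proxy password never reaches Django code or its logs.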

0 Answers
