I need help understanding IFRAME Auth

I was able to log in a user by opening RocketChat inside an Iframe, and sending a message with a loginToken like this:

this.chatIframe.nativeElement.contentWindow.postMessage({
    externalCommand: 'login-with-token',
    token: myLoginToken
}, rocketChatUrl);

That works, but I’m now trying to implement Iframe Auth so that if a user accesses RocketChat URL directly (not from within my site), the user doesn’t have to login again if it is already logged in my site. I need to configure an API URL to return the logged in user’s loginToken, which I did, and it works. However I just hardcoded it to see if it would work, but I now have to implement the full solution, and here is my problem.

My site is an Angular application which passes an X-AUTH-TOKEN header to my backend running on the server. Each request goes with that header, and that’s what I use to know if the user is logged in, and which user the request actually belongs to. It’s pretty standard. My problem is how to add Iframe Auth to this scheme. When RocketChat requests the API URL, my X-AUTH-TOKEN won’t be there, so I will have no way of knowing who the user is. What am I missing here?