Authenticated Resource Routes in a shopify-remix app

Has anyone come up with a good way to authenticate Resource Routes in a shopify remix app? My app is an embedded app and built from the shopify cli initially. I can make remix resource routes work unauthenticated but having difficulties getting a resource route to authenticate. I think it's because they aren't run in the app bridge so the authentication method doesn't work.

Ideally I would be able to POST from my remix form to a resource route and be able to authenticate within the action handler of that resource route. e.g. to generate a download. however, remix state that you should use "reloadDocument" when navigating to a resource route as it doesn't work in the normal remix-y way. This causes a problem with the authentication though as we don't get the relevant headers. Is there an easy way to add in the querystring parameters that app bridge / remix expects so that the call to get an authenticated admin object works.