Forward-auth vs OIDC — when to use which

May 19, 2026 · authentik auth

Reach for forward-auth when you just want "is this person logged in?" in front of an app that has no real notion of users — dashboards, internal tools, a metrics UI.

Reach for OIDC when the app needs its own accounts: repo ownership, per-user permissions, API tokens. A git forge behind forward-auth can't tell who pushed what — it needs to be an OAuth client, not a gated route.

← All posts