Description
Web applications can be protected behind a reverse proxy that delegates login to providers such as Google, Keycloak, GitHub, and others. This helps teams add account-based access control without embedding authentication in every upstream app.
This is a security-sensitive network service. Misconfiguration can expose private apps or block legitimate users, so provider settings, cookies, headers, and trusted domains must be reviewed carefully.