Allowing mobile app access to Navidrome, Wallabag as public resources
Got Pangolin set up yesterday and I'm thrilled with the development. Excited to hammer out the details and have it working smoothly.
On my home server, I'm running (among other things) Navidrome and Wallabag, both of which I connect to using mobile apps on my Android phone: Symfonium for Navidrome, and Wallabag for, well, Wallabag.
Right now, both resources are public but protected by Pangolin SSO. This is an intermediate step; my ultimate goal is to use Pocket-ID as an identity provider for SSO—but the point is that I don't want to make these private resources, nor do I want to remove the SSO and rely only on the resources' native authentication processes.
But the mobile apps, of course, need to bypass the Pangolin authentication layer altogether.
For Wallabag, I've tried adding HTTP basic auth and making a rule to bypass auth on the /api/* path, but the app still throws errors, saying "API access test failed" and showing that it was served a Pangolin redirection page.
I haven't yet tried to hammer out Navidrome/Symfonium—I don't quite know where to start.
Has anyone successfully configured these resources and apps as public services behind SSO? I'd love to learn from you how you did it. I have a hunch that forward auth might be involved, but I don't fully understand forward auth yet or know how to set it up properly.
Thanks in advance!