Can Bitwarden access vaultwarden through authentik or security proxy?

[SpiderUnderUrBed]

The title is my question, I am planning to set up authentik to secure my homelab applications, I am using tailscale to access them and I shared my exit node with some of my friends, so for security reasons its important I sort out permissions and what services they can access, but I am worried that if i set up authentik to be the only way to access vaultwarden (I think making another way to access it directly that only I can use is kinda infeasable/I dont know how to do it)

Then bitwarden wont be able to access the vault. How should I set this up?
(This is unrelated to SSO but OIDC or some key given in the vaults url server header to bypass authentiks protection could help)

[crowley69]

I hope this proves useful.

My Vaultwarden is in a docker container behind nginx, and it is setup in authentik as a Forward auth proxy provider.
I am able to protect Vaultwarden web vault as well as the admin page while being able to use the Bitwarden app/extension normally by allowing the API to bypass authentik.

In Authentik > Provider > Advanced protocol settings > Unauthenticated Paths
I simply allowed the API by adding ^/api/.* to the Unauthenticated Paths, I also allowed a few other paths as well:

^/api/.*
^/wl/.*
^/identity/.*
^/images/.*

With this the Bitwarden app will bypass authentik flow, but you won't be able to use the web vault login, admin page or sends without authentication.

If your only goal is to protect the admin page behind authentik, the following regular expressions are all you need:

^/$
^/.*\.js
^/#/.*
^/#/login
^/#/2fa
^/#/vault
^/api/.*
^/images/.*
^/identity/.*
^/app/.*
^/locales/.*

Results may vary depending on your setup.