Traefik Forward Auth is incredibly useful to secure services with an additional layer of authentication, provided by an OIDC-compatible provider. The simplest possible provider is a self-hosted instance of Dex, configured with a static username and password. This is not much use if you want to provide "normies" access to your services though - a better solution would be to validate their credentials against an existing trusted public source.
When utilizing “WHITELIST” the comma separated value list cannot have spaces. Took me awhile to figure out why “[email protected]” wouldn’t authorize and realized I had " [email protected]" (notice the leading space).