Use oauth2-proxy to check the access token's validity and to manage sessions
with cookies, while still letting the application access the token for further
processing. OAuth2-Proxy only passes authenticated traffic to the backend
application. That frees the application from (potentially unsafe) custom OIDC
code and authorization handling. This is standard procedure and should not be
part of your code. Use this pattern whenever you have this requirement.
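
A minimal oauth2-proxy configuration for this pattern, as an added example that is not part of the original page. The issuer URL, hostnames, client ID, secrets and upstream address are placeholder assumptions.

```toml
# oauth2-proxy.cfg (all hostnames, IDs and secrets below are placeholders)

# Where the proxy listens; this is the only entry point exposed to clients.
http_address = "0.0.0.0:4180"

# The backend application. Bound to loopback so it cannot be reached
# without going through the proxy.
upstreams = [ "http://127.0.0.1:8080/" ]

# OIDC provider used to authenticate users and validate tokens.
provider = "oidc"
oidc_issuer_url = "https://idp.example.com/realms/demo"
client_id = "example-client-id"
# Prefer supplying this through the OAUTH2_PROXY_CLIENT_SECRET environment
# variable instead of storing it in the file.
client_secret = "REPLACE_ME"
redirect_url = "https://app.example.com/oauth2/callback"

# Authorization is decided by the identity provider, not by e-mail domain.
email_domains = [ "*" ]

# Session handling with cookies.
cookie_secret = "REPLACE_WITH_RANDOM_32_BYTE_VALUE"
cookie_secure = true        # send the cookie over HTTPS only
cookie_httponly = true      # not readable from JavaScript
cookie_samesite = "lax"
cookie_expire = "8h"
cookie_refresh = "5m"       # re-check and refresh the session periodically

# Hand the access token to the application for further processing.
# The upstream receives it in the X-Forwarded-Access-Token header.
pass_access_token = true
```

Because the application trusts the `X-Forwarded-Access-Token` header, it must be reachable only through the proxy; otherwise a client could set that header itself.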