I have my blocks sitting behind an NGINX reverse-proxy and I want to gate every request with Google OAuth. Once a user signs in with a valid Google account, NGINX should pass the traffic through; otherwise it must return the correct 4xx response. There are multiple blocks like test1.domain.com test2.domain.com etc, they will all have to remember the previous oauth but avoid workarounds to bypass security. We will use an openvpn also to access the page, otherwise the access will not be possible. The registration form can only be sent/shown manually, everything here will be used for admin pages etc. We are self-hosted. Here is what I’m expecting: • A clean, copy-and-paste NGINX configuration (or companion container) that plugs Google OAuth into the standard auth_request flow. • Clear instructions on any requirement. • A short README showing how to register the Google OAuth credentials, where to set client ID/secret, and how to test the flow locally with curl or a browser. - The vpn system and how it works - Security tests on possible workarounds etc. I’ll handle the Google Cloud console work myself; I just need the working config and a quick walkthrough. When you respond, focus on the similar NGINX-based OAuth jobs you’ve completed so I can gauge your experience.