diff --git a/plinth/modules/gitweb/data/usr/share/freedombox/etc/apache2/conf-available/gitweb-freedombox-auth.conf b/plinth/modules/gitweb/data/usr/share/freedombox/etc/apache2/conf-available/gitweb-freedombox-auth.conf
index 4bf4bef7e..953c8802d 100644
--- a/plinth/modules/gitweb/data/usr/share/freedombox/etc/apache2/conf-available/gitweb-freedombox-auth.conf
+++ b/plinth/modules/gitweb/data/usr/share/freedombox/etc/apache2/conf-available/gitweb-freedombox-auth.conf
@@ -4,8 +4,6 @@
 ## is to be enabled when there are no public git projects.
 ##
 <Directory /usr/share/gitweb>
-    Include includes/freedombox-single-sign-on.conf
-    <IfModule mod_auth_pubtkt.c>
-        TKTAuthToken "git-access" "admin"
-    </IfModule>
+    Use AuthOpenIDConnect
+    Use RequireGroup git-access
 </Directory>
diff --git a/plinth/modules/gitweb/data/usr/share/freedombox/etc/apache2/conf-available/gitweb-freedombox.conf b/plinth/modules/gitweb/data/usr/share/freedombox/etc/apache2/conf-available/gitweb-freedombox.conf
index 21bdd2469..334937986 100644
--- a/plinth/modules/gitweb/data/usr/share/freedombox/etc/apache2/conf-available/gitweb-freedombox.conf
+++ b/plinth/modules/gitweb/data/usr/share/freedombox/etc/apache2/conf-available/gitweb-freedombox.conf
@@ -24,11 +24,10 @@ Alias /gitweb /usr/share/gitweb
     # Make gitweb work with custom FreedomBox configuration.
     SetEnv GITWEB_CONFIG /etc/gitweb-freedombox.conf
 
-    <If "%{HTTP_COOKIE} =~ /auth_pubtkt=.*tokens.*(admin|git-access)/">
-        Include includes/freedombox-single-sign-on.conf
-        <IfModule mod_auth_pubtkt.c>
-            TKTAuthToken "git-access" "admin"
-        </IfModule>
+    # Authentication is required for any operation if repository is private.
+    <If "%{HTTP_COOKIE} =~ /sessionid=/">
+        Use AuthOpenIDConnect
+        Use RequireGroup git-access
     </If>
 
     # Allow index.cgi symlink to gitweb.cgi to work. Treat gitweb.cgi as CGI
diff --git a/plinth/modules/gitweb/data/usr/share/freedombox/etc/gitweb-freedombox.conf b/plinth/modules/gitweb/data/usr/share/freedombox/etc/gitweb-freedombox.conf
index 9bed257f1..1bf2fb64a 100644
--- a/plinth/modules/gitweb/data/usr/share/freedombox/etc/gitweb-freedombox.conf
+++ b/plinth/modules/gitweb/data/usr/share/freedombox/etc/gitweb-freedombox.conf
@@ -52,7 +52,7 @@ our $project_maxdepth = 1;
 
 # export private repos only if authorized
 our $per_request_config = sub {
-    if(defined $ENV{'REMOTE_USER_TOKENS'}){
+    if(defined $ENV{'REMOTE_USER'}){
         our $export_auth_hook = sub { return 1; };
     }
     else {