clarify auth docs

2026-03-04 06:33:45 +00:00 · 2025-05-05 20:58:58 -05:00 · 2025-05-05 20:58:58 -05:00 · 82d60b630e
commit 82d60b630e
parent 14f5a73f56
1 changed files with 1 additions and 1 deletions
--- a/docs/docs/configuration/authentication.md
+++ b/docs/docs/configuration/authentication.md
@ -77,7 +77,7 @@ Changing the secret will invalidate current tokens.

 Frigate can be configured to leverage features of common upstream authentication proxies such as Authelia, Authentik, oauth2_proxy, or traefik-forward-auth.

-If you are leveraging the authentication of an upstream proxy, you likely want to disable Frigate's authentication. Optionally, if communication between the reverse proxy and Frigate is over an untrusted network, you should set an `auth_secret` in the `proxy` config and configure the proxy to send the secret value as a header named `X-Proxy-Secret`. Assuming this is an untrusted network, you will also want to [configure a real TLS certificate](tls.md) to ensure the traffic can't simply be sniffed to steal the secret.
+If you are leveraging the authentication of an upstream proxy, you likely want to disable Frigate's authentication as there is no correspondence between users in Frigate's database and users authenticated via the proxy. Optionally, if communication between the reverse proxy and Frigate is over an untrusted network, you should set an `auth_secret` in the `proxy` config and configure the proxy to send the secret value as a header named `X-Proxy-Secret`. Assuming this is an untrusted network, you will also want to [configure a real TLS certificate](tls.md) to ensure the traffic can't simply be sniffed to steal the secret.

 Here is an example of how to disable Frigate's authentication and also ensure the requests come only from your known proxy.