I'm struggling to understand how I'd integrate kanidm into my existing Nginx setup.

Currently I host multiple applications that come without any authentication/authorisation at all (e.g. the Gollum wiki) and proxy them behind Nginx as an reverse proxy. Nginx authenticates users via the auth_basic directive.

I want to replace this with a solution where the user opens the site, is redirected to some plain login portal where they can authenticate themself against my kanidm db and then, after succesful authentication get redirected back to the Wiki.

Could I directly replace the HTTP basic auth with using the Oauth2 functionality of kanidm or would I need something like oauth2-proxy, e.g. for the login portal?