{# OAuth2 enforcement for the nginx context (http, server or location) this snippet is rendered into. #}
{# The check covers only that context and nested locations that do not override it; #}
{# a location that sets 'auth_request off' or sits outside this context is served without it. #}

auth_request /oauth2/auth;
{# Issues an internal sub-request to '/oauth2/auth' for each client request handled in this context. #}
{# A 2xx reply lets the request through; 401 or 403 denies it with that status. #}
{# Any other status from the sub-request is treated as an error, so a broken auth endpoint does not grant access. #}
{# NOTE(review): the '/oauth2/' locations are not defined in this snippet. Confirm they exist and are not #}
{# themselves covered by auth_request, because the login flow must be reachable by unauthenticated clients. #}

error_page 401 = /oauth2/start;
{# When the authentication check fails with 401 Unauthorized, nginx internally redirects the request to #}
{# '/oauth2/start'; the bare '=' makes the client receive whatever status that location produces instead of 401. #}
{# '/oauth2/start' typically initiates the OAuth2 login process (its behaviour is defined outside this snippet). #}
{# A 403 from the sub-request is not remapped by this directive. #}