If OIDC is setup for subdomain, do I still need to add it in the config to be protected before auth?

[C8opmBM]

Hello,

For services that are not supported with OIDC, I have them protected like this in authelia

    - domain: ['abc.domain.net', 'efg.domain.net']
      policy: two_factor

and like this in caddy v2

abc.{$DOMAIN} {
        import restricted-access #this is a snippet which forwards auth to authelia
        reverse_proxy abc:port
}

I have also a few services setup with oidc (portainer, outline, immich, owncloud ocis, grafana, etc).
Do I still need to add these domains in the authelia config (along with the oidc section) and to the caddy restricted-access or this is not needed as authentication is already done via oidc?
Will this actually translate in an unneeded double authentication?
Thanks.

[james-d-elliott]

We recommend that the forward auth section be omitted from these subdomains generally.

[C8opmBM]

Thanks, therefore I will not include them in the authelia default_policy (keep only the oidc client ids setup) and will also remove the import restricted-access from caddy.