diff --git a/workout-system/workout.yaml b/workout-system/workout.yaml
index 64ec1f2..d87ec57 100644
--- a/workout-system/workout.yaml
+++ b/workout-system/workout.yaml
@@ -152,11 +152,23 @@ spec:
           value: "redis://wger-redis:6379/2"
         - name: CELERY_BACKEND
           value: "redis://wger-redis:6379/2"
-        # Proxy Authentication (for Authentik forward auth)
-        - name: WGER_USE_PROXY_AUTH
+        - name: ENABLE_OIDC
           value: "True"
-        - name: WGER_PROXY_AUTH_HEADER
-          value: "HTTP_X_AUTHENTIK_USERNAME"
+        - name: OIDC_RP_CLIENT_ID
+          value: "AXr6k4P1JcgKKMcvGeXOLwd69MJ1UVjz3fW80mEg"
+        - name: OIDC_RP_CLIENT_SECRET
+          value: "oaj4yWum0skWoAJVf4VvXSSnc4pdaWQbKtyPaMaG6prBN0av1b1w7bna6nUALoIXwSQWu9seFZl66XsYxaFWXVXcWyI6B63rl5saIFCifVg9hqkl6RlhxHL4X4u42pqd"
+        - name: OIDC_RP_SIGN_ALGO
+          value: "RS256"
+        # Authentik Endpoints (Replace 'authentik.dooplex.hu' with your actual Authentik domain)
+        - name: OIDC_OP_AUTHORIZATION_ENDPOINT
+          value: "https://authentik.dooplex.hu/application/o/authorize/"
+        - name: OIDC_OP_TOKEN_ENDPOINT
+          value: "https://authentik.dooplex.hu/application/o/token/"
+        - name: OIDC_OP_USER_ENDPOINT
+          value: "https://authentik.dooplex.hu/application/o/userinfo/"
+        - name: OIDC_OP_JWKS_ENDPOINT
+          value: "https://authentik.dooplex.hu/application/o/workout/jwks/"
         # Email (disabled - no email sending)
         - name: ENABLE_EMAIL
           value: "False"