@zonaut thank you for this. I did some testing and the first curl works in my environment - I get the access_token as part of the response.
The second - the api call
curl --location --request GET 'https://whoami.mydomain/api/http/routers' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer eyJhbG...L_J8g' \
--header 'Cookie: _forward_auth_csrf=958ae1cb0c5ff311123b81daad0052a5'
The response is unfortunately the login page. I think this may be limitation of the traefik_forward_auth module I am using to add oauth to any nonsecure backend.
I’ll take this example over to the Traefik forum to see if this should be supported. Thanks for the help so far.
Steve