How to skip authentification with http basic?

[DunklerPhoenix]

Heho
I try to hide a service behind authentik and login to it via app with http basic, but the authentik proxy always shows the normal login screen.
If I understand this docs correctly I can use https://username:password@myservice.domain.com to authenticate against authentik without the login screen if I use an app password, but it doesn't work.

Does somebody know how this is working?

authentik proxy docker compose:

services:
       
  authentik-proxy:
    image: ghcr.io/goauthentik/proxy
    ports:
      - 9100:9000
      - 9543:9443
    environment:
      AUTHENTIK_HOST: https://authentik.domain.com
      AUTHENTIK_INSECURE: "true"
      AUTHENTIK_TOKEN: TOKEN
      # Starting with 2021.9, you can optionally set this too
      # when authentik_host for internal communication doesn't match the public URL
      AUTHENTIK_HOST_BROWSER: https://authentik.domain.com
    labels:
      traefik.enable: "true"
      traefik.docker.network: "net"
      traefik.http.routers.authentik.entrypoints: "https"
      traefik.http.routers.authentik.rule: "PathPrefix(`/outpost.goauthentik.io/`)"
      traefik.http.routers.authentik.tls: "true"
      traefik.http.services.authentik.loadbalancer.server.port: "9000"
      # `authentik-proxy` refers to the service name in the compose file.
      traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik
      traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
      traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
    restart: always
    hostname: 'authentik-proxy'
      
networks:
  default:
    external: true
    name: net

outpost config:

log_level: info
docker_labels: null
authentik_host: https://authentik.domain.com/
docker_network: null
container_image: null
docker_map_ports: true
refresh_interval: minutes=5
kubernetes_replicas: 1
kubernetes_namespace: default
authentik_host_browser: ""
object_naming_template: ak-outpost-%(name)s
authentik_host_insecure: false
kubernetes_json_patches: null
kubernetes_service_type: ClusterIP
kubernetes_image_pull_secrets: []
kubernetes_ingress_class_name: null
kubernetes_disabled_components: []
kubernetes_ingress_annotations: {}
kubernetes_ingress_secret_name: authentik-outpost-tls

provider config:

type: forward auth (single)
Intercept header authentication [x]
Send HTTP-Basic Authentication [ ]

EDIT: usertype is internal user

[ser]

I don't clearly understand why do you use Authentik then instead of a simple web reverse proxy like traefik, nginx or caddy?

[DunklerPhoenix]

Yeah i had this idea too, but I dont want a seperate login for each service. I use it on my browser too and the problem with this service is that I cant set the api of it as an exception in authentik (technical reasons)