diff --git a/internal/outpost/proxyv2/application/mode_forward.go b/internal/outpost/proxyv2/application/mode_forward.go
index d4f10be23..930999e05 100644
--- a/internal/outpost/proxyv2/application/mode_forward.go
+++ b/internal/outpost/proxyv2/application/mode_forward.go
@@ -37,6 +37,15 @@ func (a *Application) forwardHandleTraefik(rw http.ResponseWriter, r *http.Reque
 		http.Error(rw, "configuration error", http.StatusInternalServerError)
 		return
 	}
+	if strings.EqualFold(fwd.Query().Get(CallbackSignature), "true") {
+		a.log.Debug("handling OAuth Callback from querystring signature")
+		a.handleAuthCallback(rw, r)
+		return
+	} else if strings.EqualFold(fwd.Query().Get(LogoutSignature), "true") {
+		a.log.Debug("handling OAuth Logout from querystring signature")
+		a.handleSignOut(rw, r)
+		return
+	}
 	// Check if we're authenticated, or the request path is on the allowlist
 	claims, err := a.getClaims(r)
 	if claims != nil && err == nil {
@@ -79,6 +88,15 @@ func (a *Application) forwardHandleCaddy(rw http.ResponseWriter, r *http.Request
 		http.Error(rw, "configuration error", http.StatusInternalServerError)
 		return
 	}
+	if strings.EqualFold(fwd.Query().Get(CallbackSignature), "true") {
+		a.log.Debug("handling OAuth Callback from querystring signature")
+		a.handleAuthCallback(rw, r)
+		return
+	} else if strings.EqualFold(fwd.Query().Get(LogoutSignature), "true") {
+		a.log.Debug("handling OAuth Logout from querystring signature")
+		a.handleSignOut(rw, r)
+		return
+	}
 	// Check if we're authenticated, or the request path is on the allowlist
 	claims, err := a.getClaims(r)
 	if claims != nil && err == nil {