diff --git a/packages/api/src/controllers/auth.js b/packages/api/src/controllers/auth.js
index 74c5ad450..0171f3ae0 100644
--- a/packages/api/src/controllers/auth.js
+++ b/packages/api/src/controllers/auth.js
@@ -137,7 +137,7 @@ module.exports = {
 return { error: 'Logins not configured' };
 }
 const foundLogin = logins.find(x => x.login == login);
- if (foundLogin && foundLogin.password == password) {
+ if (foundLogin && foundLogin.password && foundLogin.password == password) {
 return {
 accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: getTokenLifetime() }),
 };
diff --git a/packages/api/src/main.js b/packages/api/src/main.js
index d9d81c61f..6b97431ce 100644
--- a/packages/api/src/main.js
+++ b/packages/api/src/main.js
@@ -48,7 +48,7 @@ function start() {
 if (logins && process.env.BASIC_AUTH) {
 app.use(
 basicAuth({
- users: _.fromPairs(logins.map(x => [x.login, x.password])),
+ users: _.fromPairs(logins.filter(x => x.password).map(x => [x.login, x.password])),
 challenge: true,
 realm: 'DbGate Web App',
 })
diff --git a/packages/api/src/utility/hasPermission.js b/packages/api/src/utility/hasPermission.js
index 04d28112e..46ae1d1cb 100644
--- a/packages/api/src/utility/hasPermission.js
+++ b/packages/api/src/utility/hasPermission.js
@@ -39,7 +39,7 @@ function getLogins() {
 permissions: process.env.PERMISSIONS,
 });
 }
- if (process.env.LOGINS) {
+ if (process.env.LOGINS || process.env.OAUTH_PERMISSIONS) {
 const logins = _.compact(process.env.LOGINS.split(',').map(x => x.trim()));
 for (const login of logins) {
 const password = process.env[`LOGIN_PASSWORD_${login}`];
@@ -51,6 +51,13 @@ function getLogins() {
 permissions,
 });
 }
+ if (process.env.OAUTH_PERMISSIONS) {
+ res.push({
+ login,
+ password: null,
+ permissions,
+ })
+ }
 }
 }
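Review bot: In `packages/api/src/controllers/auth.js`, the password check still uses loose `==`, so the comparison coerces types; that coercion is why an entry with `password: null` would compare equal to a missing request password (`null == undefined`), and the added truthiness guard closes only that one case. I would also require a string and compare strictly: `if (foundLogin && typeof password === 'string' && foundLogin.password && foundLogin.password === password) {`. Where `password` originates is not visible in the hunk, but if it is read from the request body, a non-string value should be rejected before it reaches the comparison. The enclosing function begins and ends outside the hunk.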
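Review bot: In `packages/api/src/main.js`, the new `.filter(x => x.password)` enforces a security invariant that the code never states: entries with `password: null` (the OAuth-only logins pushed in `hasPermission.js`) must not become basic-auth users. A one-line comment above `users:` would keep a later refactor from dropping the filter, for example `// OAuth-only logins have password: null; never register them as basic-auth users`. If every configured login is filtered out, `users` becomes an empty object, so it is worth confirming that the middleware then rejects all requests rather than letting them through. `start()` begins and ends outside the hunk.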
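Review bot: In `packages/api/src/utility/hasPermission.js`, the widened guard `if (process.env.LOGINS || process.env.OAUTH_PERMISSIONS) {` is followed directly by `process.env.LOGINS.split(',')`, which throws a TypeError when `OAUTH_PERMISSIONS` is set and `LOGINS` is not. As far as the visible lines show, the loop only iterates names taken from `LOGINS`, so the extra condition adds nothing but that crash; keeping `if (process.env.LOGINS) {` or reading `(process.env.LOGINS || '').split(',')` avoids it. In the following hunk the new `res.push({ login, password: null, permissions })` appears to sit inside the same loop, after the `if (password)` block, so a login that has a password would get two entries when `OAUTH_PERMISSIONS` is set; making it an `else if` on that block would prevent the duplicate, if that is the intent. `getLogins()` continues outside both hunks.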