diff --git a/README.md b/README.md
index 3ab456c..3d2b239 100644
--- a/README.md
+++ b/README.md
@@ -311,8 +311,6 @@ To enable OIDC authentication, set the following environment variables in your a
 - **`AUTH_OIDC_CLIENT_SECRET`**:
   The client secret associated with your OIDC provider. This value is specific to the OIDC client created for the UniFi Voucher Site.
 
-> Please note that **enabling OIDC support will automatically disable the built-in login system**. Once OIDC is activated, all user authentication will be handled through your configured identity provider, and the local login mechanism will no longer be available.
-
 > Ensure your idP supports **Confidential Clients** with the **Authorization Code Flow**
 
 #### Determine Supported Client Types
@@ -363,6 +361,8 @@ If you prefer not to use any authentication for the web and api service, you can
 AUTH_DISABLE: 'true'
 ```
 
+> Note: This disables the token based authentication on the API
+
 ## Print Functionality
 
 The UniFi Voucher Site application includes built-in support for printing vouchers using 80mm receipt printers, offering a convenient way to distribute vouchers in physical format.
diff --git a/middlewares/authorization.js b/middlewares/authorization.js
index d93bf7a..8a5fa72 100644
--- a/middlewares/authorization.js
+++ b/middlewares/authorization.js
@@ -24,34 +24,48 @@ module.exports = {
      * @return {Promise<void>}
      */
     web: async (req, res, next) => {
-        // Check if authentication is enabled & OIDC is disabled
-        if(!variables.authDisabled && !variables.authOidcEnabled) {
+        let internal = false;
+        let oidc = false;
+
+        // Continue is authentication is disabled
+        if(variables.authDisabled) {
+            next();
+            return;
+        }
+
+        // Check if Internal auth is enabled then verify user status
+        if(variables.authInternalEnabled) {
             // Check if user has an existing authorization cookie
-            if (!req.cookies.authorization) {
-                res.redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/login`);
-                return;
-            }
+            if (req.cookies.authorization) {
+                // Check if token is correct and valid
+                try {
+                    const check = jwt.verify(req.cookies.authorization);
 
-            // Check if token is correct and valid
-            try {
-                const check = jwt.verify(req.cookies.authorization);
-
-                if(!check) {
-                    res.cookie('flashMessage', JSON.stringify({type: 'error', message: 'Invalid or expired login!'}), {httpOnly: true, expires: new Date(Date.now() + 24 * 60 * 60 * 1000)}).redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/login`);
-                }
-            } catch (e) {
-                res.cookie('flashMessage', JSON.stringify({type: 'error', message: 'Invalid or expired login!'}), {httpOnly: true, expires: new Date(Date.now() + 24 * 60 * 60 * 1000)}).redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/login`);
-                return;
+                    if(check) {
+                        internal = true;
+                    }
+                } catch (e) {}
             }
         }
 
-        // Check if authentication is enabled & OIDC is enabled
-        if(!variables.authDisabled && variables.authOidcEnabled) {
-            const middleware = oidc.requiresAuth();
-            return middleware(req, res, next);
+        // Check if OIDC is enabled then verify user status
+        if(variables.authOidcEnabled) {
+            oidc = req.oidc.isAuthenticated();
         }
 
-        next();
+        // Check if user is authorized by a service
+        if(internal || oidc) {
+            // Remove req.oidc if user is authenticated internally
+            if(internal) {
+                delete req.oidc;
+            }
+
+            next();
+            return;
+        }
+
+        // Fallback to login page
+        res.redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/login`);
     },
 
     /**
diff --git a/modules/info.js b/modules/info.js
index 5fb6688..1eb076a 100644
--- a/modules/info.js
+++ b/modules/info.js
@@ -72,7 +72,14 @@ module.exports = () => {
     /**
      * Log auth status
      */
-    log.info(`[Auth] ${variables.authDisabled ? 'Disabled!' : `Enabled! Type: ${variables.authOidcEnabled ? 'OIDC' : 'Internal'}`}`);
+    log.info(`[Auth] ${variables.authDisabled ? 'Disabled!' : `Enabled! Type: ${variables.authInternalEnabled ? 'Internal' : ''}${variables.authInternalEnabled && variables.authOidcEnabled ? ', ' : ''}${variables.authOidcEnabled ? 'OIDC' : ''}`}`);
+
+    /**
+     * Check auth services
+     */
+    if(!variables.authDisabled && !variables.authInternalEnabled && !variables.authOidcEnabled) {
+        log.error(`[Auth] Incorrect Configuration Detected!. Authentication is enabled but all authentication services have been disabled`);
+    }
 
     /**
      * Verify OIDC configuration
diff --git a/server.js b/server.js
index 888677f..8046b67 100644
--- a/server.js
+++ b/server.js
@@ -48,7 +48,7 @@ info();
 /**
  * Initialize JWT
  */
-if(!variables.authDisabled && !variables.authOidcEnabled) {
+if(!variables.authDisabled && variables.authInternalEnabled) {
     jwt.init();
 }
 
@@ -124,41 +124,47 @@ app.get('/', (req, res) => {
 
 // Check if web service is enabled
 if(variables.serviceWeb) {
-    if(!variables.authOidcEnabled) {
-        app.get('/login', (req, res) => {
-            // Check if authentication is disabled
-            if (variables.authDisabled) {
-                res.redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/vouchers`);
-                return;
-            }
+    app.get('/login', (req, res) => {
+        // Check if authentication is disabled
+        if (variables.authDisabled) {
+            res.redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/vouchers`);
+            return;
+        }
 
-            const hour = new Date().getHours();
-            const timeHeader = hour < 12 ? 'Good Morning' : hour < 18 ? 'Good Afternoon' : 'Good Evening';
+        const hour = new Date().getHours();
+        const timeHeader = hour < 12 ? 'Good Morning' : hour < 18 ? 'Good Afternoon' : 'Good Evening';
 
-            res.render('login', {
-                baseUrl: req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : '',
-                error: req.flashMessage.type === 'error',
-                error_text: req.flashMessage.message || '',
-                app_header: timeHeader
-            });
+        res.render('login', {
+            baseUrl: req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : '',
+            error: req.flashMessage.type === 'error',
+            error_text: req.flashMessage.message || '',
+            app_header: timeHeader,
+            internalAuth: variables.authInternalEnabled,
+            oidcAuth: variables.authOidcEnabled
         });
-        app.post('/login', async (req, res) => {
-            if (typeof req.body === "undefined") {
-                res.status(400).send();
-                return;
-            }
+    });
+    app.post('/login', async (req, res) => {
+        // Check if internal authentication is enabled
+        if(!variables.authInternalEnabled) {
+            res.status(501).send();
+            return;
+        }
 
-            const passwordCheck = req.body.password === variables.authInternalPassword;
+        if (typeof req.body === "undefined") {
+            res.status(400).send();
+            return;
+        }
 
-            if (!passwordCheck) {
-                res.cookie('flashMessage', JSON.stringify({type: 'error', message: 'Password Invalid!'}), {httpOnly: true, expires: new Date(Date.now() + 24 * 60 * 60 * 1000)}).redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/login`);
-                return;
-            }
+        const passwordCheck = req.body.password === variables.authInternalPassword;
 
-            res.cookie('authorization', jwt.sign(), {httpOnly: true, expires: new Date(Date.now() + 24 * 60 * 60 * 1000)}).redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/vouchers`);
-        });
-    }
-    app.get('/logout', (req, res) => {
+        if (!passwordCheck) {
+            res.cookie('flashMessage', JSON.stringify({type: 'error', message: 'Password Invalid!'}), {httpOnly: true, expires: new Date(Date.now() + 24 * 60 * 60 * 1000)}).redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/login`);
+            return;
+        }
+
+        res.cookie('authorization', jwt.sign(), {httpOnly: true, expires: new Date(Date.now() + 24 * 60 * 60 * 1000)}).redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/vouchers`);
+    });
+    app.get('/logout', [authorization.web], (req, res) => {
         // Check if authentication is disabled
         if (variables.authDisabled) {
             res.redirect(302, `${req.headers['x-ingress-path'] ? req.headers['x-ingress-path'] : ''}/vouchers`);
diff --git a/template/login.ejs b/template/login.ejs
index 9b53249..6e68511 100644
--- a/template/login.ejs
+++ b/template/login.ejs
@@ -50,22 +50,51 @@
             </div>
 
             <div class="mt-10 sm:mx-auto sm:w-full sm:max-w-sm">
-                <form class="space-y-6" action="<%= baseUrl %>/login" method="post" enctype="multipart/form-data">
+                <% if(internalAuth) { %>
+                    <form class="space-y-6" action="<%= baseUrl %>/login" method="post" enctype="multipart/form-data">
+                        <div>
+                            <label for="password" class="block text-sm font-medium leading-6 text-gray-900 dark:text-white">Password</label>
+                            <div class="mt-2">
+                                <input type="password" id="password" name="password" required class="block w-full rounded-md border-0 dark:bg-white/5 py-1.5 text-gray-900 dark:text-white shadow-sm ring-1 ring-inset ring-gray-300 dark:ring-white/10 focus:ring-2 focus:ring-inset focus:ring-sky-700 sm:text-sm sm:leading-6">
+                            </div>
+                        </div>
+
+                        <div>
+                            <button type="submit" class="flex w-full justify-center rounded-md bg-sky-700 px-3 py-1.5 text-sm font-semibold leading-6 text-white shadow-sm hover:bg-sky-600 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-sky-700">Sign in</button>
+                        </div>
+                    </form>
+                <% } %>
+
+                <% if(oidcAuth) { %>
                     <div>
-                        <label for="password" class="block text-sm font-medium leading-6 text-gray-900 dark:text-white">Password</label>
-                        <div class="mt-2">
-                            <input type="password" id="password" name="password" required class="block w-full rounded-md border-0 dark:bg-white/5 py-1.5 text-gray-900 dark:text-white shadow-sm ring-1 ring-inset ring-gray-300 dark:ring-white/10 focus:ring-2 focus:ring-inset focus:ring-sky-700 sm:text-sm sm:leading-6">
+                        <% if(internalAuth) { %>
+                            <div class="relative mt-10">
+                                <div class="absolute inset-0 flex items-center" aria-hidden="true">
+                                    <div class="w-full border-t border-black/5 dark:border-white/5"></div>
+                                </div>
+                                <div class="relative flex justify-center text-sm font-medium leading-6">
+                                    <span class="bg-gray-100 dark:bg-gray-900 px-6 text-gray-900 dark:text-white">Or continue with</span>
+                                </div>
+                            </div>
+                        <% } %>
+
+                        <div class="<%= internalAuth ? 'mt-6' : '' %>">
+                            <a href="<%= baseUrl %>/oidc/login" class="flex w-full items-center justify-center gap-3 rounded-md bg-white px-3 py-2 text-sm font-semibold text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 hover:bg-gray-50 focus-visible:ring-transparent">
+                                <svg class="h-5 w-5" viewBox="0 0 64 64" aria-hidden="true">
+                                    <path fill="#f7931e" d="M29.1 6.4v54.5l9.7-4.5V1.7l-9.7 4.7z"></path>
+                                    <path fill="#b2b2b2" d="M62.7 22.4L64 36.3l-18.7-4.1"></path>
+                                    <path d="M40.5 19.6v6.2a29.54 29.54 0 0 1 10.6 3.8l6.9-4.2a43.585 43.585 0 0 0-17.5-5.8M9.7 40.2c0-6.9 7.5-12.7 17.7-14.4v-6.2C11.8 21.5 0 30 0 40.2 0 50.8 12.6 59.5 29.1 61v-6.1C18 53.5 9.7 47.4 9.7 40.2" fill="#b2b2b2"></path>
+                                    <path d="M40.5 19.6v6.2a29.54 29.54 0 0 1 10.6 3.8l6.9-4.2a43.585 43.585 0 0 0-17.5-5.8M9.7 40.2c0-6.9 7.5-12.7 17.7-14.4v-6.2C11.8 21.5 0 30 0 40.2 0 50.8 12.6 59.5 29.1 61v-6.1C18 53.5 9.7 47.4 9.7 40.2" fill="#b2b2b2"></path>
+                                </svg>
+                                <span class="text-sm font-semibold leading-6">OpenID Connect</span>
+                            </a>
                         </div>
                     </div>
-
-                    <div>
-                        <button type="submit" class="flex w-full justify-center rounded-md bg-sky-700 px-3 py-1.5 text-sm font-semibold leading-6 text-white shadow-sm hover:bg-sky-600 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-sky-700">Sign in</button>
-                    </div>
-                </form>
+                <% } %>
 
                 <p class="mt-10 text-center text-sm text-gray-500 dark:text-gray-400">
                     <a href="https://github.com/glenndehaan/unifi-voucher-site" aria-label="GitHub Project Link" target="_blank" rel="noreferrer noopener" class="hover:text-gray-600 dark:hover:text-gray-500">
-                        <svg class="inline-block w-10" viewBox="0 0 42 42" fill="currentColor">
+                        <svg class="inline-block w-8" viewBox="0 0 42 42" fill="currentColor">
                             <path d="M21,0.5c-11.6,0-21,9.4-21,21c0,9.3,6,17.1,14.4,19.9c1.1,0.2,1.4-0.5,1.4-1c0-0.5,0-1.8,0-3.6C9.9,38.1,8.7,34,8.7,34c-1-2.4-2.3-3.1-2.3-3.1c-1.9-1.3,0.1-1.3,0.1-1.3c2.1,0.1,3.2,2.2,3.2,2.2c1.9,3.2,4.9,2.3,6.1,1.7c0.2-1.4,0.7-2.3,1.3-2.8c-4.7-0.5-9.6-2.3-9.6-10.4c0-2.3,0.8-4.2,2.2-5.6c-0.2-0.5-0.9-2.7,0.2-5.6c0,0,1.8-0.6,5.8,2.2c1.7-0.5,3.5-0.7,5.3-0.7c1.8,0,3.6,0.2,5.3,0.7c4-2.7,5.8-2.2,5.8-2.2c1.1,2.9,0.4,5,0.2,5.6c1.3,1.5,2.2,3.3,2.2,5.6c0,8.1-4.9,9.8-9.6,10.4c0.8,0.6,1.4,1.9,1.4,3.9c0,2.8,0,5.1,0,5.8c0,0.6,0.4,1.2,1.4,1C36,38.7,42,30.8,42,21.5C42,9.9,32.6,0.5,21,0.5z"></path>
                         </svg>
                     </a>
diff --git a/utils/status.js b/utils/status.js
index 54a2053..fcdff35 100644
--- a/utils/status.js
+++ b/utils/status.js
@@ -90,10 +90,10 @@ module.exports = () => {
             modules: {
                 internal: {
                     status: {
-                        text: (!variables.authDisabled && !variables.authOidcEnabled) ? 'Enabled' : 'Disabled',
-                        state: (!variables.authDisabled && !variables.authOidcEnabled) ? 'green' : 'red'
+                        text: (!variables.authDisabled && variables.authInternalEnabled) ? 'Enabled' : 'Disabled',
+                        state: (!variables.authDisabled && variables.authInternalEnabled) ? 'green' : 'red'
                     },
-                    details: (!variables.authDisabled && !variables.authOidcEnabled) ? 'Internal Authentication enabled.' : 'Internal Authentication not enabled.',
+                    details: (!variables.authDisabled && variables.authInternalEnabled) ? 'Internal Authentication enabled.' : 'Internal Authentication not enabled.',
                     info: 'https://github.com/glenndehaan/unifi-voucher-site#1-internal-authentication-default'
                 },
                 oidc: {