diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3ebf7f3458353b2e9d472f15dba535ecba3e9ec8..02867b9dc6da13a7e897da0e2fa885c56e8ee9f3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Added `/user/auth` Subroute: This new endpoint serves as an internal authentication endpoint to validate CKAN users against the CKAN user database. It supports HTTP Basic Authentication, allowing Nginx to forward authentication requests to CKAN.
+
 ### Fixed
 
 - Resolved display issues of the resource view and share icons.
diff --git a/ckanext/odsh/plugin.py b/ckanext/odsh/plugin.py
index 2078ae169b16e1f94f871656b518cfc91eb775eb..76bb10a4d62b330dcccd50a3e8822589cf3d1bde 100644
--- a/ckanext/odsh/plugin.py
+++ b/ckanext/odsh/plugin.py
@@ -73,6 +73,8 @@ class OdshPlugin(p.SingletonPlugin, DefaultTranslation, tk.DefaultDatasetForm):
         bp_user = user.blueprint
         bp_user.add_url_rule(u'/user', endpoint='user_index',
                              view_func=user.index, strict_slashes=False)
+        bp_user.add_url_rule(u'/user/auth', endpoint='user_auth',
+                             view_func=user.auth, strict_slashes=False)
         # bp_user.add_url_rule(u'/user/register', view_func=user.register)
 
         # Dashboard
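Review bot: The new `/user/auth` rule is registered on the same public user blueprint as `/user`, so nothing in this hunk makes the endpoint internal. Any client that can reach CKAN can submit Basic credentials to it and learn from the 200/401 answer whether they are valid. If the route is meant only for the Nginx authentication subrequest, that restriction has to be enforced in the proxy configuration, which is not visible here. It is worth recording next to the rule, e.g. `# Internal: for the Nginx auth subrequest only; external requests to /user/auth must be denied at the proxy.` The enclosing method starts and ends outside the hunk.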
diff --git a/ckanext/odsh/views/user.py b/ckanext/odsh/views/user.py
index 7963a52e8be5d606e1f60b66bf2d62be42d900c4..308ca820c91574229cf2be253e661374ff069176 100644
--- a/ckanext/odsh/views/user.py
+++ b/ckanext/odsh/views/user.py
@@ -1,7 +1,8 @@
 import ckan.plugins.toolkit as toolkit
 import ckan.authz as authz
 from ckan.common import g
-from flask import Blueprint
+import ckan.lib.authenticator as authenticator
+from flask import Blueprint, request, Response                                                                                                                           
 import ckan.views.user as ckan_user_view
 import logging
 
@@ -33,3 +34,26 @@ def read(id=None):
     if not g.user:
         return ckan_user_view.login()
     return ckan_user_view.read(id)
+
+
+def auth():
+    auth = request.authorization
+    if not auth:
+        return Response('Unauthorized', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
+
+    username = auth.username
+    password = auth.password
+
+    if _authenticate(username, password):
+        return Response('Authorized', 200)
+    else:
+        return Response('Unauthorized', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
+
+
+def _authenticate(username, password):
+    identity = {'login': username, 'password': password}
+    user = authenticator.ckan_authenticator(identity)
+
+    if user:
+        return user
+    return None
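Review bot: `auth()` passes whatever `request.authorization` holds to `_authenticate` without checking the scheme, and a rejected credential check is never logged. A non-Basic `Authorization` header would presumably reach the authenticator with `username` and `password` unset, so the guard should also test `auth.type`. A warning on failure gives operators a signal for password guessing against this endpoint; whether throttling applies on this path cannot be told from the hunk and should be confirmed. The local name `auth` also shadows the view function itself, the two identical 401 responses can share a helper, and `_authenticate` reduces to `return authenticator.ckan_authenticator(identity)`. Both functions lack a docstring stating that they validate CKAN credentials for the proxy and return only a status.

```python
def auth():
    """Validate HTTP Basic credentials against CKAN; answers 200 or 401 only."""
    credentials = request.authorization
    # Only the Basic scheme carries a username/password pair.
    if not credentials or credentials.type != 'basic':
        return _unauthorized()

    if _authenticate(credentials.username, credentials.password):
        return Response('Authorized', 200)

    # Record the failure without the submitted username or password.
    logging.getLogger(__name__).warning('Basic auth check failed on /user/auth')
    return _unauthorized()


def _unauthorized():
    """Build the 401 challenge shared by both failure paths."""
    return Response('Unauthorized', 401,
                    {'WWW-Authenticate': 'Basic realm="Login Required"'})

# … unchanged: _authenticate …
```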