diff --git a/packages/auth/env.ts b/packages/auth/env.ts
index 12de5f558..e58aa9673 100644
--- a/packages/auth/env.ts
+++ b/packages/auth/env.ts
@@ -39,6 +39,7 @@ export const env = createEnv({
           AUTH_OIDC_SCOPE_OVERWRITE: z.string().min(1).default("openid email profile groups"),
           AUTH_OIDC_GROUPS_ATTRIBUTE: z.string().default("groups"), // Is used in the signIn event to assign the correct groups, key is from object of decoded id_token
           AUTH_OIDC_NAME_ATTRIBUTE_OVERWRITE: z.string().optional(),
+          AUTH_OIDC_FORCE_USERINFO: createBooleanSchema(false),
         }
       : {}),
     ...(authProviders.includes("ldap")
diff --git a/packages/auth/providers/oidc/oidc-provider.ts b/packages/auth/providers/oidc/oidc-provider.ts
index d03d9c736..d4e3b5d0d 100644
--- a/packages/auth/providers/oidc/oidc-provider.ts
+++ b/packages/auth/providers/oidc/oidc-provider.ts
@@ -22,6 +22,10 @@ export const OidcProvider = (headers: ReadonlyHeaders | null): OIDCConfig<Profil
       redirect_uri: createRedirectUri(headers, "/api/auth/callback/oidc", "https"),
     },
   },
+  // idToken false forces the use of the userinfo endpoint
+  // Userinfo endpoint is required for authelia since v4.39
+  // See https://github.com/homarr-labs/homarr/issues/2635
+  idToken: !env.AUTH_OIDC_FORCE_USERINFO,
   profile(profile) {
     if (!profile.sub) {
       throw new Error(`OIDC provider did not return a sub property='${Object.keys(profile).join(",")}'`);
diff --git a/turbo.json b/turbo.json
index 94702dfb9..208d42365 100644
--- a/turbo.json
+++ b/turbo.json
@@ -14,6 +14,7 @@
     "AUTH_OIDC_CLIENT_ID",
     "AUTH_OIDC_CLIENT_NAME",
     "AUTH_OIDC_CLIENT_SECRET",
+    "AUTH_OIDC_FORCE_USERINFO",
     "AUTH_OIDC_ISSUER",
     "AUTH_OIDC_SCOPE_OVERWRITE",
     "AUTH_OIDC_GROUPS_ATTRIBUTE",