Suggested way to handle login

Hi all, I have an SPA and I’m trying to add oauth2. I’m using oathkeeper in k8s. I add a rule with url ‘/<.*>’ and authenticator ‘oauth2_introspection’. But this means my login page is blocked because they aren’t yet logged in. What should I do? I can create a specific rule for ‘/login’ but it conflicts with the catchall rule. Is there a way to do catchall?

thanks,