What youre talking about is having an app refer to authentik to find out who a user is.

Internet -> audiobookshelf -> asks authentik who it is

In addition to that, you can set pangolin up so that it doesnt even hit that app in the first place at all unless the user is already signed into authentik.

Internet -> pangolin makes user log into authentik before forwarding along -> audiobookshelf -> asks authentik who it is

So if the app in question has a security vulnerability, its not a problem because no one even gets to the app at all to begin to try to exploit it unless they’ve logged into authentik first.