diff --git a/Dockerfile b/Dockerfile
index 5883ce4f07f583b8023af00993860f4216a137fb..b393155aab0d62e6a21a121685f12f5a3f3e7896 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -205,6 +205,16 @@ ARG LDAP_WRITE_SUPPORT_VERSION="1.9.0"
 ARG OIDC_LOGIN_VERSION="3.0.2"
 ARG IS_SELFHOST=false
 
+RUN curl -fsSL -o ldap_write_support.tar.gz \
+ "https://github.com/nextcloud-releases/ldap_write_support/releases/download/v${LDAP_WRITE_SUPPORT_VERSION}/ldap_write_support-v${LDAP_WRITE_SUPPORT_VERSION}.tar.gz" && \
+ tar -xf ldap_write_support.tar.gz -C ${BASE_DIR}/custom_apps && \
+ rm ldap_write_support.tar.gz
+
+RUN curl -fsSL -o oidc_login.tar.gz \
+ "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v${OIDC_LOGIN_VERSION}/oidc_login.tar.gz" && \
+ tar -xf oidc_login.tar.gz -C ${BASE_DIR}/custom_apps && \
+ rm oidc_login.tar.gz
+
 # Patches
 COPY patches/ ${TMP_PATCH_DIR}/
 RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch
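Review bot: Both RUN blocks in this hunk extract a downloaded release tarball straight into ${BASE_DIR}/custom_apps without any integrity check, so the pinned version ARG is the only thing tying the image to a specific artifact and a swapped or tampered archive would be unpacked silently. Pin a digest next to each version ARG and verify it before tar runs, e.g. `ARG LDAP_WRITE_SUPPORT_SHA256="<expected-sha256-placeholder>"` and, after the curl line, `echo "${LDAP_WRITE_SUPPORT_SHA256}  ldap_write_support.tar.gz" | sha256sum -c - && \`; the oidc_login.tar.gz block needs the same pair of lines. Checking before extraction also means an archive that fails verification never lands in the image layer.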
@@ -218,17 +228,9 @@ RUN patch -u ${BASE_DIR}/apps/dav/lib/Connector/Sabre/Principal.php -i ${TMP_PAT
 RUN patch -u ${BASE_DIR}/apps/dav/lib/HookManager.php -i ${TMP_PATCH_DIR}/028-default-task-calendar.patch
 RUN patch -u ${BASE_DIR}/apps/provisioning_api/lib/Controller/UsersController.php -i ${TMP_PATCH_DIR}/029-restrict-user-to-change-primary-email.patch
 RUN patch -u ${BASE_DIR}/lib/private/Security/VerificationToken/VerificationToken.php -i ${TMP_PATCH_DIR}/033-verification-token-private.patch
+RUN patch -u ${BASE_DIR}/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php -i ${TMP_PATCH_DIR}/034-oidc-bearer-token-auth.patch
 RUN rm -rf ${TMP_PATCH_DIR}
 
-RUN curl -fsSL -o ldap_write_support.tar.gz \
- "https://github.com/nextcloud-releases/ldap_write_support/releases/download/v${LDAP_WRITE_SUPPORT_VERSION}/ldap_write_support-v${LDAP_WRITE_SUPPORT_VERSION}.tar.gz" && \
- tar -xf ldap_write_support.tar.gz -C ${BASE_DIR}/custom_apps && \
- rm ldap_write_support.tar.gz
-
-RUN curl -fsSL -o oidc_login.tar.gz \
- "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v${OIDC_LOGIN_VERSION}/oidc_login.tar.gz" && \
- tar -xf oidc_login.tar.gz -C ${BASE_DIR}/custom_apps && \
- rm oidc_login.tar.gz
 
 # Remove user avatar generation for system addressbook card
 RUN sed -i 's/$this->getAvatarImage($user)/null/' ${BASE_DIR}/apps/dav/lib/CardDAV/Converter.php
diff --git a/patches/034-oidc-bearer-token-auth.patch b/patches/034-oidc-bearer-token-auth.patch
new file mode 100644
index 0000000000000000000000000000000000000000..51bd0156c7c46494b157bfae30e40d01926d40cf
--- /dev/null
+++ b/patches/034-oidc-bearer-token-auth.patch
@@ -0,0 +1,13 @@
+--- lib/private/AppFramework/Middleware/Security/CORSMiddleware.php 2024-04-08 08:53:20.410444998 +0530
++++ lib/private/AppFramework/Middleware/Security/CORSMiddleware-new.php 2024-04-09 19:05:21.133629632 +0530
+@@ -97,6 +97,10 @@
+ // Allow to use the current session if a CSRF token is provided
+ if ($this->request->passesCSRFCheck()) {
+ return;
++ }
++ // Skip CORS check for requests with oidc token auth.
++ if ($this->session->getSession() instanceof ISession && $this->session->getSession()->get('is_oidc_token_login') === 1) {
++ return;
+ }
+ // Skip CORS check for requests with AppAPI auth.
+ if ($this->session->getSession() instanceof ISession && $this->session->getSession()->get('app_api') === true) {
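Review bot: The new early return disables the CORS/CSRF guard for every request on a session whose `is_oidc_token_login` value is 1, not only for requests that actually present a bearer token; where that flag is set is outside this patch, but if it ever lands on a cookie-backed browser session, cross-origin requests on that session would no longer need a CSRF token. A tighter gate checks the current request as well, e.g. `if (str_starts_with((string) $this->request->getHeader('Authorization'), 'Bearer ') && $this->session->getSession() instanceof ISession && $this->session->getSession()->get('is_oidc_token_login') === 1) {`, and the comment above it should say that the bypass is meant for token-authenticated requests only. The strict `=== 1` also differs from the neighbouring `app_api` check's `=== true`, so whatever sets the flag must store an int or this branch is never taken; worth confirming against the setter. The enclosing method starts and ends outside the hunk.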