diff --git a/config/initializers/009-omniauth.rb b/config/initializers/009-omniauth.rb
index 90feb34426b..0e58b14b8c1 100644
--- a/config/initializers/009-omniauth.rb
+++ b/config/initializers/009-omniauth.rb
@@ -1,14 +1,7 @@
 require "openssl"
 require "openid_redis_store"
 
-# if you need to test this and are having ssl issues see:
-#  http://stackoverflow.com/questions/6756460/openssl-error-using-omniauth-specified-ssl-path-but-didnt-work
-# OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
-
-Rails.application.config.middleware.use OmniAuth::Builder do
-  Discourse.authenticators.each do |authenticator|
-    authenticator.register_middleware(self)
-  end
-end
+require "middleware/omniauth_bypass_middleware"
+Rails.application.config.middleware.use Middleware::OmniauthBypassMiddleware
 
 OmniAuth.config.logger = Rails.logger
diff --git a/lib/middleware/omniauth_bypass_middleware.rb b/lib/middleware/omniauth_bypass_middleware.rb
new file mode 100644
index 00000000000..4ee40a4f5ee
--- /dev/null
+++ b/lib/middleware/omniauth_bypass_middleware.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# omniauth loves spending lots cycles in its magic middleware stack
+# this middleware bypasses omniauth middleware and only hits it when needed
+class Middleware::OmniauthBypassMiddleware
+
+  def initialize(app, options = {})
+    @app = app
+
+    # if you need to test this and are having ssl issues see:
+    #  http://stackoverflow.com/questions/6756460/openssl-error-using-omniauth-specified-ssl-path-but-didnt-work
+    # OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
+    @omniauth = OmniAuth::Builder.new(app) do
+      Discourse.authenticators.each do |authenticator|
+        authenticator.register_middleware(self)
+      end
+    end
+  end
+
+  def call(env)
+    if env["PATH_INFO"].start_with?("/auth")
+      @omniauth.call(env)
+    else
+      @app.call(env)
+    end
+  end
+
+end