From d9e2d24416e95dae101c328e7fc19d14cec337b6 Mon Sep 17 00:00:00 2001
From: D050513 <sebastian.van.syckel@sap.com>
Date: Wed, 4 Feb 2026 12:50:25 +0100
Subject: [PATCH] security: deactivate via empty custom auth

---
 guides/security/authentication.md | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/guides/security/authentication.md b/guides/security/authentication.md
index 81063a3d9..e57f68481 100644
--- a/guides/security/authentication.md
+++ b/guides/security/authentication.md
@@ -1390,15 +1390,20 @@ In such architectures, CAP authentication is obsolete and can be deactivated ent
 [Learn more about how to switch off authentication.](../../java/security#custom-spring-security-alone){.learn-more}
 
 </div>
-<!--
+
 <div class="node">
 
-TODO
+In such architectures, CAP authentication is obsolete and can be deactivated entirely.
+In CAP Node.js, this can be achieved via an empty custom authentication implementation.
+
+[Learn more about custom authentication in Node.js.](../../node.js/authentication.md#custom){.learn-more}
 
 </div>
--->
+
+
 
 ## Pitfalls
+
 - **Don't miss to configure security middleware.**
   Endpoints of (CAP) applications deployed on SAP BTP are, by default, accessible from the public network. 
   Without security middleware configured, CDS services are exposed to the public.