diff --git a/cmd/task/main.go b/cmd/task/main.go
index 984f73a6ef81d48dd9c2515d155764318ce75c94..b2d62cea2fc757e2eb5862b4daedfd0d4648ba03 100644
--- a/cmd/task/main.go
+++ b/cmd/task/main.go
@@ -21,6 +21,7 @@ import (
 	"golang.org/x/oauth2/clientcredentials"
 	"golang.org/x/sync/errgroup"
 
+	"gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/auth"
 	"gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/graceful"
 	goahealth "gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/task/gen/health"
 	goahealthsrv "gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/task/gen/http/health/server"
@@ -74,6 +75,8 @@ func main() {
 	// create storage
 	storage := storage.New(db)
 
+	httpClient := httpClient()
+
 	// create an HTTP Client which uses an authentication token
 	// Create an HTTP Client which uses an authentication token.
 	// The token will auto-refresh as necessary.
@@ -95,7 +98,7 @@ func main() {
 		cfg.Executor.Workers,
 		cfg.Executor.PollInterval,
 		cfg.Executor.MaxTaskRetries,
-		httpClient(),
+		httpClient,
 		logger,
 	)
 
@@ -106,7 +109,7 @@ func main() {
 		cache,
 		cfg.ListExecutor.Workers,
 		cfg.ListExecutor.PollInterval,
-		httpClient(),
+		httpClient,
 		logger,
 	)
 
@@ -166,6 +169,16 @@ func main() {
 		openapiServer = goaopenapisrv.New(openapiEndpoints, mux, dec, enc, nil, errFormatter, nil, nil)
 	}
 
+	// Apply Authentication middleware if enabled.
+	if cfg.Auth.Enabled {
+		m, err := auth.NewMiddleware(cfg.Auth.JwkURL, cfg.Auth.RefreshInterval, httpClient)
+		if err != nil {
+			log.Fatalf("failed to create authentication middleware: %v", err)
+		}
+		taskServer.Use(m.Handler())
+		taskListServer.Use(m.Handler())
+	}
+
 	// Configure the mux.
 	goatasksrv.Mount(mux, taskServer)
 	goatasklistsrv.Mount(mux, taskListServer)
@@ -231,14 +244,14 @@ func httpClient() *http.Client {
 		Transport: &http.Transport{
 			Proxy: http.ProxyFromEnvironment,
 			DialContext: (&net.Dialer{
-				Timeout: 30 * time.Second,
+				Timeout: 10 * time.Second,
 			}).DialContext,
 			MaxIdleConns:        100,
 			MaxIdleConnsPerHost: 100,
 			TLSHandshakeTimeout: 10 * time.Second,
 			IdleConnTimeout:     60 * time.Second,
 		},
-		Timeout: 30 * time.Second,
+		Timeout: 20 * time.Second,
 	}
 }
 
diff --git a/internal/config/config.go b/internal/config/config.go
index cb00ecbeaca1052bfe84ae7020cc841833d9d352..99d5411505111dcd6f25f21d372504a1203a22e3 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -4,6 +4,7 @@ import "time"
 
 type Config struct {
 	HTTP         httpConfig
+	Auth         authConfig
 	Mongo        mongoConfig
 	Policy       policyConfig
 	Executor     executorConfig
@@ -23,6 +24,12 @@ type httpConfig struct {
 	WriteTimeout time.Duration `envconfig:"HTTP_WRITE_TIMEOUT" default:"10s"`
 }
 
+type authConfig struct {
+	Enabled         bool          `envconfig:"AUTH_ENABLED" default:"true"`
+	JwkURL          string        `envconfig:"AUTH_JWK_URL"`
+	RefreshInterval time.Duration `envconfig:"AUTH_REFRESH_INTERVAL" default:"1h"`
+}
+
 type mongoConfig struct {
 	Addr string `envconfig:"MONGO_ADDR" required:"true"`
 	User string `envconfig:"MONGO_USER" required:"true"`