Hi everyone, I’m struggling to find this particular thing - I’d like to have an application hidden behind the Zero Trust application with some kind of authentication (e.g. GitHub) with one specific endpoint exposed publicly.
In my case, we’re hosting an internal tool for developers. The tool itself doesn’t provide any way of authentication but basic auth. I’ve managed to set up a Zero Trust application that in fact requires logging in with GitHub, but I can’t see a way to disable this challenge for one endpoint, in our case it’s /events, an endpoint for receiving GitHub Webhooks. I’ve read the docs and I found that we can use Service Token to authenticate bots, but GitHub doesn’t provide any way to inject headers or cookies to webhook requests. Is there any way to exclude that endpoint?