I’m using Zero Trust to secure a self-hosted application. I’m using a custom OIDC provider for authentication. Everything works swell.
My application is hosted at https://application.example.org - how do I bypass authentication for specific URLs, e.g. https://application.example.org/public should not have any authentication applied at all.
I see that I could create bypass-policies that allows e.g. specific IPs to bypass all authentication - I would want this to be restricted to a certain URL (i.e. /public is allowed by all IPs).