By default, when OAuth2 is enabled on Server Side, all the HTTP Requests require Authentication using Bearer Tokens.
If you want allow some URLs to be accessed without the need of use a Bearer Token, you can use the event OnOAuth2BeforeRequest
procedure OnOAuth2BeforeRequest(TObject Sender; TsgcWSConnection aConnection; TStringList aHeaders;
ref bool Cancel)
{
if (DecodeGETFullPath(aHeaders) == "/Public.html")
{
Cancel = true;
}
}