By default, when OAuth2 is enabled on Server Side, all the HTTP Requests require Authentication using Bearer Tokens.
If you want allow some URLs to be accessed without the need of use a Bearer Token, you can use the event OnOAuth2BeforeRequest
Find below a sample code which shows the use of the event.
procedure OnOAuth2BeforeRequest(Sender: TObject; aConnection: TsgcWSConnection; aHeaders: TStringList; var Cancel: Boolean);
begin
if DecodeGETFullPath(aHeaders) = '/Public.html' then
Cancel := True
else if DecodePOSTFullPath(aHeaders) = '/Form.html' then
Cancel := True;
end;