As long as your auth configs are set to ignore on failure rather than 40x’ing the request, it will fall through