Is there a way to limit which methods or http actions require auth?

[NickAb]

I have a WebAPI application that has some destructive methods (POST, PUT, DELETE) protected with authorize attribute, and non-destructive GET methods allowed to be accessed by anyone.

Does the adal angular library support (it seems it does not) or are there plans to support either endpoints mappings with HTTP Action filters (i.e. include all POST host/api, but not GET).
Or, what I think might be useful solution but it is implicit, is to have an option to use interceptor only on requests that responded with 401 itself or when preflight request was made.
A similar explicit solution might be to include some flag in http config when making requests, so that interceptor would know that this method requires auth.

As current workaround, am I understanding correctly, that if I do not want to require login for each request, then I must not pass $httpProvider to init method, and then use custom $resource to set interceptor in methods where it is needed or create my own interceptor that will filter requests based on some mapping that tells if method required auth?

[derisen]

Closing this as we are archiving this sample. Please check out the new sample at ms-identity-javascript-angular-spa-aspnetcore-webapi.