How to handle Authorized & Non-Authorized Routes in Microservices with Tokens

  softwareengineering


Context

Suppose there is an e-commerce microservice architecture with the format:

[Figure: microservice architecture]

In summary, a client will contact the Auth Service / Identity Service to receive a token. It passes the token to the API gateway, which verifies the token, and forwards the request.

That being said, there are services that need to be accessed when a user is not logged in, such as viewing the products on the homepage. This means they won't have a token, and will get rejected by the API gateway.

Question

Is there a way to design this where a user can access certain services without being logged in?

Some ideas that came to mind were a guest token with limited roles, or splitting services into authorized and non-authorized parts, e.g. ProductInfoService, ProductCreateService, etc.

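The two ideas in the question (an explicit public allow-list at the gateway, and a short-lived guest token with limited roles) can coexist in one gateway policy. The following is an added example and not code from the post or from any particular gateway product. It assumes the Identity Service issues HS256 JWTs with a `roles` claim, uses a constructed signing key, and uses hypothetical route paths (`/products`, `/cart/items`, `/orders`); the route table is deny-by-default, so an unlisted route is never forwarded even with a valid token.

```python
import base64
import hashlib
import hmac
import json
import re
import time
from typing import Optional

# Constructed example secret. A real gateway would verify with the Identity
# Service's public key (RS256/ES256) or a secret pulled from a secrets store.
SIGNING_KEY = b"example-gateway-secret-not-for-production"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(subject: str, roles: list, ttl_seconds: int, now: Optional[int] = None) -> str:
    """What the Identity Service hands back: a compact HS256 JWT with roles and expiry."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "roles": roles, "iat": now, "exp": now + ttl_seconds}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def issue_guest_token(session_id: str, now: Optional[int] = None) -> str:
    """The 'guest token with limited roles' idea: short-lived, least privilege,
    enough to use a cart but not to check out or administer the catalogue."""
    return issue_token(f"guest-{session_id}", ["guest"], ttl_seconds=900, now=now)

def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; never trust 'alg' from the token
            return None
        expected = hmac.new(SIGNING_KEY, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(claims_b64))
        if claims.get("exp", 0) <= now:
            return None
        return claims
    except (ValueError, json.JSONDecodeError):  # malformed token of any kind
        return None

# Route policy. Hypothetical paths; first match wins. required_roles=None means
# the route is public (no token needed). Anything not listed is denied.
ROUTES = [
    ("GET", r"^/products(/[^/]+)?$", None),             # browse catalogue anonymously
    ("POST", r"^/cart/items$", {"guest", "customer"}),   # guest token is enough
    ("POST", r"^/orders$", {"customer"}),                # must be logged in
    ("POST", r"^/products$", {"catalog-admin"}),         # ProductCreate: admin only
]

def authorize(method: str, path: str, authorization: Optional[str], now: Optional[int] = None):
    """Gateway decision for one request.

    Returns (http_status, principal). 200 means forward upstream as `principal`
    ("anonymous" on a public route without a token); 401/403/404 are answered
    by the gateway itself and the request never reaches a service.
    """
    for route_method, pattern, required_roles in ROUTES:
        if route_method == method and re.match(pattern, path):
            break
    else:
        return 404, None  # unknown route: deny by default, even with a valid token

    claims = None
    if authorization and authorization.startswith("Bearer "):
        claims = verify_token(authorization[len("Bearer "):], now=now)

    if required_roles is None:
        # Public route: a token is optional. A valid one lets the upstream
        # personalise the response; a missing or bad one is not an error here.
        return 200, (claims["sub"] if claims else "anonymous")
    if claims is None:
        return 401, None  # missing, malformed, forged or expired token
    if not required_roles.intersection(claims.get("roles", [])):
        return 403, None  # authenticated, but the role does not cover this route
    return 200, claims["sub"]
```

The public allow-list handles the homepage case without any token at all; the guest token covers actions that need a stable identity (a cart) without a login. Keeping the guest token's TTL short and its role set minimal limits what a leaked one is worth, and pinning `alg` plus checking `exp` at the gateway keeps the per-service code free of token parsing.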