Generate a challenge when access is denied for unauthenticated users. On a 403 (access denied), if there are no credentials on the request,
public Auth