diff --git a/proxy/pkg/middleware/basic_auth.go b/proxy/pkg/middleware/basic_auth.go
index 78363a58ac..607efa7589 100644
--- a/proxy/pkg/middleware/basic_auth.go
+++ b/proxy/pkg/middleware/basic_auth.go
@@ -2,13 +2,16 @@ package middleware
 
 import (
 "fmt"
+ "net/http"
+ "strings"
+
 accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
 "github.com/owncloud/ocis/ocis-pkg/log"
 "github.com/owncloud/ocis/ocis-pkg/oidc"
- "net/http"
- "strings"
 )
 
+const publicFilesEndpoint = "/remote.php/dav/public-files/"
+
 // BasicAuth provides a middleware to check if BasicAuth is provided
 func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 options := newOptions(optionSetters...)
@@ -33,7 +36,7 @@ type basicAuth struct {
 }
 
 func (m basicAuth) ServeHTTP(w http.ResponseWriter, req *http.Request) {
- if !m.shouldServe(req) {
+ if m.isPublicLink(req) || !m.isBasicAuth(req) {
 m.next.ServeHTTP(w, req)
 return
 }
@@ -57,16 +60,14 @@ func (m basicAuth) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 m.next.ServeHTTP(w, req.WithContext(oidc.NewContext(req.Context(), claims)))
 }
 
-func (m basicAuth) shouldServe(req *http.Request) bool {
+func (m basicAuth) isPublicLink(req *http.Request) bool {
+ login, _, ok := req.BasicAuth()
+
+ return ok && login == "public" && strings.HasPrefix(req.URL.Path, publicFilesEndpoint)
+}
+
+func (m basicAuth) isBasicAuth(req *http.Request) bool {
 login, password, ok := req.BasicAuth()
 
- if ok && login == "public" && strings.HasPrefix(req.URL.Path, "/remote.php/dav/public-files/") {
- return true
- }
-
- if m.enabled && ok && login != "" && password != "" {
- return true
- }
-
- return false
+ return m.enabled && ok && login != "" && password != ""
 }
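Review bot: The new guard in ServeHTTP forwards a public-link request to `m.next` before any credential check and regardless of `m.enabled`, and nothing in the hunk says what authenticates it afterwards. Previously `shouldServe` returned true for the same request, so it continued into the body below the guard; now no claims are attached to its context, and access control for the share rests entirely on the handler behind this middleware, which is not visible here. If that is the intent, state it above the condition, e.g. `// public-link requests are authenticated by the handler behind this middleware, not by basic auth`. A test that a request with login `public` on the public-files path reaches `next` without claims would pin the behaviour. ServeHTTP's body continues outside the hunk.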
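Review bot: `isPublicLink` decides to skip this middleware from `strings.HasPrefix` on the raw `req.URL.Path`, so a path that begins with the public-files prefix but contains `..` segments is still classified as a public link. Whether a later handler normalises the path is not visible from this hunk, so the decision is safer made on the cleaned path: `p := path.Clean(req.URL.Path) + "/"` followed by `return ok && login == "public" && strings.HasPrefix(p, publicFilesEndpoint)` (this needs the `path` import). Both new helpers also lack doc comments; `isPublicLink` in particular should say that `public` is a reserved login and that the password is deliberately not inspected here.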