how to use cakePHP addUnauthenticatedActions() with tokens in the URL

I am working in Cake 4 and have successfully included the authentication plugin that replaces the deprecated Auth(). To avoid an infinite redirect loop I have added the actions I want excluded from authentication similar to that shown in the Cake CMS tutorial.

UsersController:

$this->Authentication->addUnauthenticatedActions(['login', 'forgotpassword', 'resetpassword']);

I intend to use tokens for the resetpassword action and a reset link sent to a user will look something like this.

http://localhost/axletrace/users/resetpassword7724d1bbd400e0bd624411549a2dd64c6b73481e

Because the action requested now looks like 'resetpassword7724d1bbd400e0bd624411549a2dd64c6b73481e', it is not a match to the exclusions listed above and it redirects to the login page.

I have tried using a wildcard as shown below but it makes no difference. $this->Authentication->addUnauthenticatedActions(['login', 'forgotpassword', 'resetpassword*']);

Given that the token is not a开发者_Go百科 static value what is the way to handle this situation. I am trying to use the token as an authentication token only. I would prefer not to use JWT Authentication and I am not worrying about session tokens for the time being.

Any help would be apprecated, thanks.