Exclude RequestAuthentication JWT rules for specific paths

Hello,
I am running Istio version 1.10.5 and using OIDC Authentication with OAuth2-Proxy . Currently I am having below authorization policy having the custom action. Now i wanted to Disable RequestAuthentication JWT rules for specific paths. I have some workloads within the cluster which need to be exposed without the need to have a valid JWT token. How can i do that?.
Right now for all the request, gateway is expecting a valid JWT token.
I would like to exclude JWT token on the path /app/v1/metrics

kind: AuthorizationPolicy
metadata:
 name: authorization-policy
 namespace: istio-system
spec:
 selector:
   matchLabels:
     app: istio-ingressgateway
 action: CUSTOM
 provider:
   name: "oauth2-proxy"
 rules:
 - to:
   - operation:
       hosts:
        -  "knative-istio.example.com"
       notPaths:
        - "/app/v1/metrics"

```apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: keyhole-authentication-policy
  namespace: istio-system
spec:
  selector:
    matchLabels:
      istio: ingressgateway
  jwtRules:
  - issuer: "https://accounts.google.com"
    jwksUri: "https://www.googleapis.com/oauth2/v3/certs"

Can any one please help on this?

just tagging @YangminZhu if he has any thoughts?

Did you try another AuthorizationPolicy with an action ALLOW on the path?

We cannot have both action CUSTOM and ALLOW together in the same authorization policy.