diff --git a/app/controllers/projects/lfs_api_controller.rb b/app/controllers/projects/lfs_api_controller.rb
index 440259b643c..8a5a645ed0e 100644
--- a/app/controllers/projects/lfs_api_controller.rb
+++ b/app/controllers/projects/lfs_api_controller.rb
@@ -48,6 +48,10 @@ class Projects::LfsApiController < Projects::GitHttpClientController
     objects.each do |object|
       if existing_oids.include?(object[:oid])
         object[:actions] = download_actions(object)
+
+        if Guest.can?(:download_code, project)
+          object[:authenticated] = true
+        end
       else
         object[:error] = {
           code: 404,
diff --git a/changelogs/unreleased/lfs-noauth-public-repo.yml b/changelogs/unreleased/lfs-noauth-public-repo.yml
new file mode 100644
index 00000000000..60f62d7691b
--- /dev/null
+++ b/changelogs/unreleased/lfs-noauth-public-repo.yml
@@ -0,0 +1,4 @@
+---
+title: Support unauthenticated LFS object downloads for public projects
+merge_request: 8824
+author: Ben Boeckel
diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb
index 9bfc84c7425..c0e7bab8199 100644
--- a/spec/requests/lfs_http_spec.rb
+++ b/spec/requests/lfs_http_spec.rb
@@ -600,6 +600,7 @@ describe 'Git LFS API and storage' do
             expect(json_response).to eq('objects' => [
               { 'oid' => sample_oid,
                 'size' => sample_size,
+                'authenticated' => true,
                 'actions' => {
                   'download' => {
                     'href' => "#{project.http_url_to_repo}/gitlab-lfs/objects/#{sample_oid}",