Guarantee req.oauth in APIRoute middleware

app/routing/middleware/auth/APIRoute.middleware.js

@@ -10,6 +10,7 @@ class APIRouteMiddleware extends Middleware {
         if ( allow_user && req.is_auth ) {
             return next()
         } else if ( allow_token ) {
+            if ( !req.oauth ) req.oauth = {}
             return req.app.oauth2.authorise()(req, res, async e => {
                 if ( e ) return next(e)
                 // Look up the OAuth2 client an inject it into the route