@ -10,6 +10,7 @@ class APIRouteMiddleware extends Middleware {
if ( allow_user && req.is_auth ) {
return next()
} else if ( allow_token ) {
if ( !req.oauth ) req.oauth = {}
return req.app.oauth2.authorise()(req, res, async e => {
if ( e ) return next(e)
// Look up the OAuth2 client an inject it into the route