diff --git a/app/routing/middleware/auth/APIRoute.middleware.js b/app/routing/middleware/auth/APIRoute.middleware.js
index 7685e6f..a24241b 100644
--- a/app/routing/middleware/auth/APIRoute.middleware.js
+++ b/app/routing/middleware/auth/APIRoute.middleware.js
@@ -10,6 +10,7 @@ class APIRouteMiddleware extends Middleware {
         if ( allow_user && req.is_auth ) {
             return next()
         } else if ( allow_token ) {
+            if ( !req.oauth ) req.oauth = {}
             return req.app.oauth2.authorise()(req, res, async e => {
                 if ( e ) return next(e)
                 // Look up the OAuth2 client an inject it into the route