diff --git a/services/web/app/src/Features/Authentication/AuthenticationController.js b/services/web/app/src/Features/Authentication/AuthenticationController.js
index 56db9e8f89..773ccb6d16 100644
--- a/services/web/app/src/Features/Authentication/AuthenticationController.js
+++ b/services/web/app/src/Features/Authentication/AuthenticationController.js
@@ -306,19 +306,26 @@ const AuthenticationController = {
     return doRequest
   },
 
-  requireOauth() {
+  /**
+   * @param {string} scope
+   * @return {import('express').Handler}
+   */
+  requireOauth(scope) {
+    if (typeof scope !== 'string' || !scope) {
+      throw new Error(
+        "requireOauth() expects a non-empty string as 'scope' parameter"
+      )
+    }
+
     // require this here because module may not be included in some versions
     const Oauth2Server = require('../../../../modules/oauth2-server/app/src/Oauth2Server')
     return function (req, res, next) {
-      if (next == null) {
-        next = function () {}
-      }
       const request = new Oauth2Server.Request(req)
       const response = new Oauth2Server.Response(res)
-      return Oauth2Server.server.authenticate(
+      Oauth2Server.server.authenticate(
         request,
         response,
-        {},
+        { scope },
         function (err, token) {
           if (err) {
             // use a 401 status code for malformed header for git-bridge
@@ -329,14 +336,15 @@ const AuthenticationController = {
               err.code = 401
             }
             // send all other errors
-            return res
+            res
               .status(err.code)
               .json({ error: err.name, error_description: err.message })
+          } else {
+            req.oauth = { access_token: token.accessToken }
+            req.oauth_token = token
+            req.oauth_user = token.user
+            next()
           }
-          req.oauth = { access_token: token.accessToken }
-          req.oauth_token = token
-          req.oauth_user = token.user
-          return next()
         }
       )
     }
diff --git a/services/web/test/unit/src/Authentication/AuthenticationControllerTests.js b/services/web/test/unit/src/Authentication/AuthenticationControllerTests.js
index 0332e52ef1..a9a7aa953a 100644
--- a/services/web/test/unit/src/Authentication/AuthenticationControllerTests.js
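Review bot: Passing `{ scope }` to `authenticate` introduces a new rejection case, a well-formed token that lacks the requested scope, and the only status mapping visible in the handler is the malformed-header-to-401 one; if the oauth2-server module follows RFC 6750 §3.1 that case is `insufficient_scope` with status 403, so it is worth confirming that the `err.code` the module attaches for it is what `res.status(err.code)` in the next hunk forwards, and that a unit test exercises that path. The new JSDoc on `requireOauth` names the parameter but says neither what it demands nor that the function throws; I would extend it with `* @param {string} scope - OAuth scope the presented access token must carry for the request to proceed` and `* @throws {Error} if scope is not a non-empty string`. The enclosing `AuthenticationController` object literal starts and ends outside the hunk.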
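Review bot: The success branch now sets three request properties (`req.oauth`, `req.oauth_token`, `req.oauth_user`) with nothing saying which downstream code depends on which, so a later cleanup cannot tell whether the partial `req.oauth` object is still required; a short comment ahead of them would settle that, e.g. `// expose the validated token to later handlers: req.oauth (access-token string), req.oauth_token (full token record), req.oauth_user (the token's user)`. With the `next == null` guard gone from the previous hunk, the callback also assumes `next` is always supplied; that holds under Express, but any direct caller of the returned middleware that omits the third argument will now throw a TypeError where it previously stopped silently, which the commit message should state if intended. The callback and `requireOauth` both begin outside this hunk.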
+++ b/services/web/test/unit/src/Authentication/AuthenticationControllerTests.js
@@ -574,7 +574,7 @@ describe('AuthenticationController', function () {
       this.res.json = sinon.stub()
       this.res.status = sinon.stub().returns(this.res)
       this.res.sendStatus = sinon.stub()
-      this.middleware = this.AuthenticationController.requireOauth()
+      this.middleware = this.AuthenticationController.requireOauth('scope')
     })
 
     describe('when Oauth2Server authenticates', function () {
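Review bot: The setup now passes the literal `'scope'`, but nothing in this hunk checks that the value actually reaches `authenticate` or that the new argument validation fires, so the scope check could silently be dropped again without a test failing. Unless it is covered in hunks not shown, the authenticates case should assert the stubbed `authenticate` was called with `{ scope: 'scope' }` as its third argument, and a separate case should assert that `this.AuthenticationController.requireOauth()` with no argument throws. The `beforeEach` this hunk edits starts outside the hunk.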