diff --git a/services/web/app/src/Features/Authorization/PermissionsController.js b/services/web/app/src/Features/Authorization/PermissionsController.js
index 27b99081c6..1006c32224 100644
--- a/services/web/app/src/Features/Authorization/PermissionsController.js
+++ b/services/web/app/src/Features/Authorization/PermissionsController.js
@@ -99,11 +99,14 @@ function requirePermission(...requiredCapabilities) {
     if (!Features.hasFeature('saas')) {
       return next()
     }
-    if (!req.user) {
+    if (!req.user && !req.oauth_user) {
       return next(new Error('no user'))
     }
     try {
-      await assertUserPermissions(req.user, requiredCapabilities)
+      await assertUserPermissions(
+        req.user || req.oauth_user,
+        requiredCapabilities
+      )
       next()
     } catch (error) {
       next(error)