[WIP] Add OAuth 2.0 scope requirement middleware

[Copilot]

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

Original prompt

requireOauth(scope) {
if (typeof scope !== 'string' || !scope) {
throw new Error(
"requireOauth() expects a non-empty string as 'scope' parameter"
)
}

const middleware = async (req, res, next) => {
  const Oauth2Server = (
    await import(
      '../../../../modules/oauth2-server/app/src/Oauth2Server.js'
    )
  ).default

  const request = new Oauth2Server.Request(req)
  const response = new Oauth2Server.Response(res)
  try {
    const token = await Oauth2Server.server.authenticate(
      request,
      response,
      { scope }
    )
    req.oauth = { access_token: token.accessToken }
    req.oauth_token = token
    req.oauth_user = token.user
    next()
  } catch (err) {
    if (
      err.code === 400 &&
      err.message === 'Invalid request: malformed authorization header'
    ) {
      err.code = 401
    }
    // send all other errors
    res
      .status(err.code)
      .json({ error: err.name, error_description: err.message })
  }
}
return expressify(middleware)

},

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.