commit 8db17f7dbbb9d88aab7a39a609c58e9f5ac4548e
Author: Keegan Carruthers-Smith <keegan.csmith@gmail.com>
Date:   Wed Dec 3 13:46:40 2025 +0200

    fix(frontend): always include scope in WWW-Authenticate for API endpoints (#8158)
    
    The `APIRequireAuthMiddleware` is only used for `.api` routes, so we can
    unconditionally add the scope parameter. This simplifies the code and
    ensures all API endpoints inform OAuth clients about required scopes.
    
    Test Plan: updated unit test