diff --git a/VERSION b/VERSION
index 53f98a7e..4ce4ddb0 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-20250403.1
+20250403.2
diff --git a/src/Auth/AuthProcessors.php b/src/Auth/AuthProcessors.php
index b9fb2eab..1c49c92f 100644
--- a/src/Auth/AuthProcessors.php
+++ b/src/Auth/AuthProcessors.php
@@ -409,7 +409,7 @@ final class AuthProcessors implements RouteHandler {
 
         $result = (function() use ($request) {
             $authz = explode(' ', $request->getHeaderLine('Authorization'), 2);
-            if(count($authz) < 2 || strcasecmp('basic', $authz[0]) !== 0)
+            if(count($authz) < 2 || strcasecmp('bearer', $authz[0]) !== 0)
                 return false;
 
             try {
diff --git a/src/OAuth2/OAuth2WebRoutes.php b/src/OAuth2/OAuth2WebRoutes.php
index 50db5e1a..e3387a3f 100644
--- a/src/OAuth2/OAuth2WebRoutes.php
+++ b/src/OAuth2/OAuth2WebRoutes.php
@@ -30,6 +30,7 @@ final class OAuth2WebRoutes implements RouteHandler, UrlSource {
     ) {}
 
     #[PatternRoute('GET', '/oauth2/authori[sz]e')]
+    #[Before('authz:cookie', required: false)]
     #[UrlFormat('oauth2-authorise', '/oauth2/authorize')]
     public function getAuthorise(HttpResponseBuilder $response, HttpRequest $request): string {
         return Template::renderRaw('oauth2.authorise');
@@ -46,6 +47,7 @@ final class OAuth2WebRoutes implements RouteHandler, UrlSource {
      * }
      */
     #[ExactRoute('POST', '/oauth2/authorize')]
+    #[Before('authz:cookie', required: false)]
     #[Before('input:urlencoded')]
     public function postAuthorise(HttpResponseBuilder $response, HttpRequest $request, FormContent $content): array {
         // TODO: RATE LIMITING
@@ -172,6 +174,7 @@ final class OAuth2WebRoutes implements RouteHandler, UrlSource {
      * }
      */
     #[ExactRoute('GET', '/oauth2/resolve-authorise-app')]
+    #[Before('authz:cookie', required: false)]
     #[UrlFormat('oauth2-resolve-authorise-app', '/oauth2/resolve-authorise-app')]
     public function getResolveAuthorise(HttpResponseBuilder $response, HttpRequest $request): array {
         // TODO: RATE LIMITING
@@ -246,6 +249,7 @@ final class OAuth2WebRoutes implements RouteHandler, UrlSource {
     }
 
     #[ExactRoute('GET', '/oauth2/verify')]
+    #[Before('authz:cookie', required: false)]
     #[UrlFormat('oauth2-verify', '/oauth2/verify')]
     public function getVerify(HttpResponseBuilder $response, HttpRequest $request): string {
         return Template::renderRaw('oauth2.verify');
@@ -261,6 +265,7 @@ final class OAuth2WebRoutes implements RouteHandler, UrlSource {
      * }
      */
     #[ExactRoute('POST', '/oauth2/verify')]
+    #[Before('authz:cookie', required: false)]
     #[Before('input:urlencoded')]
     public function postVerify(HttpResponseBuilder $response, HttpRequest $request, FormContent $content): array {
         // TODO: RATE LIMITING
@@ -358,6 +363,7 @@ final class OAuth2WebRoutes implements RouteHandler, UrlSource {
      * }
      */
     #[ExactRoute('GET', '/oauth2/resolve-verify')]
+    #[Before('authz:cookie', required: false)]
     #[UrlFormat('oauth2-resolve-verify', '/oauth2/resolve-verify')]
     public function getResolveVerify(HttpResponseBuilder $response, HttpRequest $request) {
         // TODO: RATE LIMITING