linuxfoundation · ulemons · Jun 15, 2026 · Jun 15, 2026
diff --git a/backend/src/api/public/v1/index.ts b/backend/src/api/public/v1/index.ts
@@ -4,12 +4,11 @@ import { NotFoundError } from '@crowd/common'
 
 import { createRateLimiter } from '@/api/apiRateLimiter'
 import { safeWrap } from '@/middlewares/errorMiddleware'
+import { SCOPES } from '@/security/scopes'
 
-// TODO: restore once read:stewardships is added to Auth0 staging tenant
-// import { SCOPES } from '@/security/scopes'
 import { AUTH0_CONFIG } from '../../../conf'
 import { oauth2Middleware } from '../middlewares/oauth2Middleware'
-// import { requireScopes } from '../middlewares/requireScopes'
+import { requireScopes } from '../middlewares/requireScopes'
 import { staticApiKeyMiddleware } from '../middlewares/staticApiKeyMiddleware'
 
 import { memberOrganizationAffiliationsRouter } from './affiliations'
@@ -31,8 +30,7 @@ export function v1Router(): Router {
     /^\/packages:batch-stewardship\/?$/,
     oauth2Middleware(AUTH0_CONFIG),
     packagesRateLimiter,
-    // TODO: restore once read:stewardships is added to Auth0 staging tenant
-    // requireScopes([SCOPES.READ_STEWARDSHIPS]),
+    requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'all'),
     safeWrap(batchGetStewardship),
   )
   router.use('/packages', oauth2Middleware(AUTH0_CONFIG), packagesRouter())

diff --git a/backend/src/api/public/v1/packages/index.ts b/backend/src/api/public/v1/packages/index.ts
@@ -1,11 +1,10 @@
 import { Router } from 'express'
 
 import { createRateLimiter } from '@/api/apiRateLimiter'
-// TODO: restore once read:packages + read:stewardships are added to Auth0 staging tenant
-// import { requireScopes } from '@/api/public/middlewares/requireScopes'
+import { requireScopes } from '@/api/public/middlewares/requireScopes'
 import { safeWrap } from '@/middlewares/errorMiddleware'
+import { SCOPES } from '@/security/scopes'
 
-// import { SCOPES } from '@/security/scopes'
 import { getPackage } from './getPackage'
 import { getPackagesMetrics } from './getPackagesMetrics'
 import { listPackages } from './listPackages'
@@ -16,27 +15,11 @@ export function packagesRouter(): Router {
   const router = Router()
 
   router.use(rateLimiter)
+  router.use(requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'all'))
 
-  router.get(
-    '/',
-    // TODO: restore once read:packages + read:stewardships are added to Auth0 staging tenant
-    // requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
-    safeWrap(listPackages),
-  )
-
-  router.get(
-    '/metrics',
-    // TODO: restore once read:packages + read:stewardships are added to Auth0 staging tenant
-    // requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
-    safeWrap(getPackagesMetrics),
-  )
-
-  router.get(
-    '/detail',
-    // TODO: restore once read:packages + read:stewardships are added to Auth0 staging tenant
-    // requireScopes([SCOPES.READ_PACKAGES, SCOPES.READ_STEWARDSHIPS], 'any'),
-    safeWrap(getPackage),
-  )
+  router.get('/', safeWrap(listPackages))
+  router.get('/metrics', safeWrap(getPackagesMetrics))
+  router.get('/detail', safeWrap(getPackage))
 
   return router
 }