diff --git a/app/controllers/Challenge.scala b/app/controllers/Challenge.scala
index f6a280b42e03f..c6fdfdfb9461c 100644
--- a/app/controllers/Challenge.scala
+++ b/app/controllers/Challenge.scala
@@ -234,17 +234,26 @@ final class Challenge(env: Env) extends LilaController(env):
   def apiStartClocks(id: GameId) = Anon:
     Found(env.round.proxyRepo.game(id)): game =>
       val accepted = OAuthScope.select(_.Challenge.Write).into(EndpointScopes)
-      (Bearer.from(get("token1")), Bearer.from(get("token2")))
-        .mapN:
-          env.oAuth.server.authBoth(accepted, req)
-        .so:
-          _.flatMap:
-            case Left(e) => handleScopedFail(accepted, e)
-            case Right((u1, u2)) =>
-              if game.hasUserIds(u1.id, u2.id) then
-                env.round.roundApi.tell(game.id, lila.core.round.StartClock)
-                jsonOkResult
-              else notFoundJson()
+      def startNow =
+        env.round.roundApi.tell(game.id, lila.core.round.StartClock)
+        jsonOkResult
+      if game.hasAi
+      then
+        getAs[Bearer]("token1")
+          .soFu(env.oAuth.server.auth(_, accepted, req.some))
+          .mapz:
+            case Left(e)                                      => handleScopedFail(accepted, e).some
+            case Right(a) if game.hasUserId(a.scoped.user.id) => startNow.some
+            case _                                            => none
+          .getOrElse(notFoundJson())
+      else
+        (getAs[Bearer]("token1"), getAs[Bearer]("token2"))
+          .mapN(env.oAuth.server.authBoth(accepted, req))
+          .so:
+            _.map:
+              case Left(e)                                          => handleScopedFail(accepted, e)
+              case Right((u1, u2)) if game.hasUserIds(u1.id, u2.id) => startNow
+              case _                                                => notFoundJson()
 
   def toFriend(id: ChallengeId) = AuthBody { ctx ?=> _ ?=>
     Found(api.byId(id)): c =>
diff --git a/modules/oauth/src/main/OAuthServer.scala b/modules/oauth/src/main/OAuthServer.scala
index 5b8cb19ce46ee..8a42a4194004d 100644
--- a/modules/oauth/src/main/OAuthServer.scala
+++ b/modules/oauth/src/main/OAuthServer.scala
@@ -57,10 +57,9 @@ final class OAuthServer(
               else fuccess(OAuthScope.Access(OAuthScope.Scoped(u, at.scopes), at.tokenId))
           }
       }
-      .dmap(Right.apply)
-      .recover { case e: AuthError =>
-        Left(e)
-      }
+      .dmap(Right(_))
+      .recover:
+        case e: AuthError => Left(e)
 
   def authBoth(scopes: EndpointScopes, req: RequestHeader)(
       token1: Bearer,