Check user login before checking its scopes

It seems an error is sent to the user through the API if some scopes are needed - even if they are not authenticated.

See https://gitlab.com/arkindex/requests/-/issues/345 for details & STR