On Wed, Oct 28, 2015 at 4:40 AM, Marcin Cieslak saper@saper.info wrote:
I think the point of the approval process is that I don't install OAuth app key in the application like Vicuña ( https://github.com/yarl/vicuna).
There is no clear consensus what to do with apps like this. One idea would be ever user needs to register it for themselves, but that of course wouldn't work with the permission queue.
Indeed - limit the app to the user who registered it, and auto-approve it (and maybe provide a more convenient alternative to browser redirects for getting the token which the application can use to edit). That's tracked in T87395 https://phabricator.wikimedia.org/T87395.