I'm now using API with OAuth clients for some tasks for semi automated.
However, currently can not global block or remove that via API with OAuth Clients due to not defined related GrantPermissions for CentralAuth.
Of course, I can use APIs if I set a main session to bot. but I don't want share my main sessions with bot for insecure.
For this, I propose to define a related GrantPermissions (centralauth-lock, centralauth-oversight).
If we had this, we do not need to share a passwords or an user sessions with bots for using automated process.
It means we can be improve our security for user not sharing password with bots or similar .