Low-risk OAuth consumer (app) registrations should not be blocked by a human approval process. Waiting on approval for a consumer for days is disruptive to development work and often not necessary.
The current working definition of "low-risk" includes consumers which only use the following grants:
- User identity verification only, no ability to read pages or act on a user's behalf.
- User identity verification only with access to real name and email address, no ability to read pages or act on a user's behalf.
- Basic rights
This is expected to be further discussed and somewhat widened over time.
- T290790: Group OAuth grants by riskiness
- T159789: Include information about OAuth app review process and criteria into the interface (for somehow indicating to the user that their choice of grants will result in more delay)