Some apps are only intended for use by bots or a single user (as an alternative to storing a username and password). For those, they:
- Shouldn't show up in the approval queue (they should just be "approved")
- Shouldn't be able to be used by anyone but the original author
- The original author should get a consumer key/secret as if they had done the authorization as soon as they register it
- Authorization shouldn't work at all, esp. custom callback urls shouldn't be valid
- Maybe make this all available via the api?