It's possible to get an OAuth token with an non-approved consumer, but it's not possible to actually use it: calling the API results in
{u'servedby': u'mw1148', u'error': {u'info': u'The authorization headers in your request are for an OAuth consumer that is not currently approved', u'code': u'mwoauth-invalid-authorization-not-approved'}}
This makes it impossible to test API interactions before the consumer has been approved. Not a huge issue, but it would be easier if one could test different wiki/privilege settings before asking for approval.
Version: master
Severity: minor