> Since the defaults are to grant everything, I figured allowing
> third-parties to restrict the grant wouldn't be a big deal. IOW, if a
> third-party has the choice between getting all grants without a
> warning, and restricting the grants with a scary warning… We're
> creating an intensive to not restrict the grants. I don't feel
> strongly about it, but I think this is worth pointing out.
There's a difference between alert-info and alert-warning. The goal is
just to explain what's going on, and perhaps to dissuade them from
making any changes that might break the program they're issuing a token
for. Maybe we should make the form read-only in this situation, too?
I think we should adjust the UI a bit in this situation so that users
know what's going on. Let's open the details element and add an
alert-info which explains that they followed a URL which pre-filled the