There’s really no advance notice we would give on this – as the expectation is already that you aren’t scraping the PIN code, as it’s a total violation of the spirit of OAuth.
I know you perceive it as “easier” but it doesn’t really matter what experience you want to provide to your users, the specific OAuth flow is there for a reason.
Tokens obtained through this means have always been forbidden and if you had any apps that used scraping of the PIN would be subject to suspension with all access tokens revoked – if you’re taking this approach, there’s no way for us to continue to consider those access tokens as validly obtained.
