Authentication

Hi I have a following question:

why ServiceM8’s OAuth implementation differs from standard OAuth flows, where third-party applications typically don’t require the user to directly enter their username and password? Specifically, I’ve noticed that in some cases—especially for apps that are not public or listed in the Add-ons directory—the OAuth process requires direct ServiceM8 credential entry. Could you explain the reasoning behind this approach?

And whats are the ways of app approval to be able to use ServiceM8’s public OAuth flow (passwordless). How long it takes for approval?