Through where did you attempt to contact and get permission?
Speaking generally, almost no one gets permission to use that flow since it basically defeats the security provided by OAuth and in most cases the same outcome can be accomplished with other means. Personally I would not enter my credentials into a strange application unless I’m 100% sure I can trust the developer.