Please have a look at https://github.com/SpringSource/spring-security-oauth/pull/19
I've added a ClientTrustStrategy interface responsible for deciding whether to skip the confirmation page for a given response_type.
This interface has one method canSkipApproval(AuthorizationRequestHolder requestHolder) which has access to both the authorizationRequest and the authenticated user, which makes it possible to customize the behavior in a lot of ways.
One particular use case that I am personally very interested in is the ability to prompt the user for approval only once for a given client.
I have preserved the current behavior by implementing ImplicitClientTrustStrategy, which allows the implicit grant type to bypass confirmation, and forces confirmation for the authorization_code grant type.
What do you think?
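
The "prompt only once per client" use case described in the post above, sketched as an added example that is not part of the original post or the pull request. The record fields on AuthorizationRequestHolder, the boolean return type, and the RememberedApprovalTrustStrategy and recordApproval names are assumptions made for illustration; the real types in the pull request may differ.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Stand-in types (assumptions): the real AuthorizationRequestHolder and
// ClientTrustStrategy are defined in the pull request and may look different.
record AuthorizationRequestHolder(String userName, String clientId,
                                  String responseType, Set<String> scopes) {}

interface ClientTrustStrategy {
    boolean canSkipApproval(AuthorizationRequestHolder requestHolder);
}

/** Skips the confirmation page only for scopes this user already approved for this client. */
class RememberedApprovalTrustStrategy implements ClientTrustStrategy {
    // "user\nclient" -> scopes approved so far (in-memory store, for the example only).
    private final Map<String, Set<String>> approved = new ConcurrentHashMap<>();

    private static String key(AuthorizationRequestHolder h) {
        return h.userName() + "\n" + h.clientId();
    }

    /** Hypothetical hook: call after the user explicitly confirms on the approval page. */
    public void recordApproval(AuthorizationRequestHolder h) {
        approved.computeIfAbsent(key(h), k -> ConcurrentHashMap.newKeySet()).addAll(h.scopes());
    }

    @Override
    public boolean canSkipApproval(AuthorizationRequestHolder h) {
        // Without an authenticated user and a client id there is nothing to remember.
        if (h.userName() == null || h.clientId() == null) return false;
        Set<String> known = approved.get(key(h));
        // A request for scopes beyond those already granted goes back to the user.
        return known != null && known.containsAll(h.scopes());
    }
}

public class Demo {
    public static void main(String[] args) {
        RememberedApprovalTrustStrategy s = new RememberedApprovalTrustStrategy();
        // Constructed sample requests.
        var first = new AuthorizationRequestHolder("alice", "photo-app", "code", Set.of("read"));
        var wider = new AuthorizationRequestHolder("alice", "photo-app", "code", Set.of("read", "write"));
        var other = new AuthorizationRequestHolder("alice", "other-app", "code", Set.of("read"));
        System.out.println("first visit skips?    " + s.canSkipApproval(first));
        s.recordApproval(first);
        System.out.println("repeat visit skips?   " + s.canSkipApproval(first));
        System.out.println("wider scope skips?    " + s.canSkipApproval(wider));
        System.out.println("other client skips?   " + s.canSkipApproval(other));
    }
}
```

Keying the remembered decision on user, client and scope means a client that was approved once cannot silently obtain broader access on a later request.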