/games/{game-id}/mods needs details on status for non-OAuth2 queries

[leper]

If I query for mods without OAuth2, are the results only those with status "auth" (as it is listed as the default)?

It would be nice if one could ask for "auth" and "unauth" (so "auth+unauth" but not any of "ban", "archive", or "delete") without using OAuth2. I'd like to provide users access to mods that have been checked by developers (possibly by default, after notifying users that they will connect to the internet and whatnot), but I'd rather not list every mod there for security reasons.

(Our mods include scripts, which might be malicious, and I'd rather not expose users to such mods without a big warning telling them that they might be putting their machine at risk. So only listing mods checked by some of our developers would be the right thing to do. There aren't a whole lot of scripts in most mods we've seen so far, and if there are more than that they most likely have been written by someone on the team.)

Also how does the process of marking a mod as "authorized" work, the only 3 occurances of "authorized" in the documetation are twice in the status description, and once for a 401 response code.