Similar to the recent change to require email confirmation/verification
for the OAuth Authorize GET (:new) endpoint, require the same
for the OAuth Authorize POST (:create) endpoint. This will prevent
forcing a POST request to authenticate to an external service
with an unconfirmed email address.