This is a sad problem especially for my website logins. This is the solem reason why I don't put "Login with Twitter" among Facebook, Windows Live and Google Logins. I need my website users to be real, not some spammer account who has not got an email verified and checkable. No, I don't really care if they are real Identities, I just want a human is controlling them after they register. I don't send emails to my users but it is yet another way for a controlled enviroment.
If I just put "Login with Twitter" and request email on my application, that would be "Login Twitter" -> Go check your email -> Verify it first to "register".. Even though it is possible, much longer process and not different than normal login... Also since they will be unverified member, I will not store their profile picture also.
Also I can not be sure if the same email used for registration to Twitter to prevent double registration etc.
It's too much pain, add Oauth 1.0 registration pains instead of Oauth 2.0 "code" queries, its definitely raises question "worth the effort?"
Would be sweet if email_verified and email sections in API ofcourse with permission of user on Authentication dialog...