There’s a special condition you can choose to handle for xAuth in this case – we recently updated the xAuth documentation to reflect this: [node:136]. (note the new “login verification” section).
If you’re using the web-based OAuth flow, login verification is handled as part of that – though there is currently a bug with the usage of the force_login=true parameter that is working toward resolution.
