Only verified should be able to use OAuth signin

To help cercumvent spam, check users are verified before proceding to allow login to 3rd parties.

config/initializers/doorkeeper.rb

@@ -10,10 +10,11 @@
 
   # This block will be called to check whether the resource owner is authenticated or not.
   resource_owner_authenticator do
-    # raise "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
-    # Put your resource owner authentication logic here.
-    # Example implementation:
-    User.find_by_id(session[:user_id]) || redirect_to(signin_url(goto: request.fullpath))
+    if current_user and current_user.verified?
+      current_user
+    else
+      redirect_to(signin_url(goto: request.fullpath))
+    end
   end
 
   # If you didn't skip applications controller from Doorkeeper routes in your application routes.rb