by John Okely.
Oauth providers can return any email address there is no need for them to ensure it truly belongs to the owner of the account first. But for moodle's purposes, we need to know for sure the email belongs to the person trying to log in. In some cases they report an unverified email. So moodle prevents people from doing this by forcing a email verification step.
https://tracker.moodle.org/browse/MDL-58544 is the issue to add the ability to turn off this verification