Meta now requires 5 edits for autoconfirmed status (since T211188) and OAuth requires autoconfirmed to create consumers (to propose them for review, post gerrit 316302).
On one hand, the OAuth admin interface is not well equipped for handling spam, so some minimal protection agains abuse makes sense.
On the other, requiring people to make meta edits just to be able to propose a consumer is a bit ridiculous.
Instead of autoconfirmed, it should probably have its own check, based on cross-wiki editcount, not meta. Or maybe for non-autoconfirmed users there should be a captcha.