Removing OAuthUser would make life easier when dealing with users. Consider the use case where you would like to let users that were created by dalicore-social (by connecting to an ExternalNetwork) to be used in combination with dalicore-oauth. This is currently not possible as dalicore-social creates regular User objects, while dalicore-oauth requires all User interactions to be done through OAuthUser objects.
The current OAuthUser only has one extra field that defines the DaliServiceConsumer it was created by. We haven't had a use case for this requirement yet, so we could easily remove this field for now. That way we can remove OAuthUser entirely and just use instances of User in dalicore-oauth. Should the createdBy field be required in the future, then you would still be able to store this information as a Field on the User.
The other requirement is that a user in dalicore-oauth must implement the java.security.Principal interface. This is a small issue, since we can easily let User in dalicore-ejb implement this interface as well. This has the added benefit that we get a step closer to adding support for java identity management.