Implementing OAuth 2.0 Authentication for My API

Actually, protocol flow diagrams would be extremely helpful for visualizing specs like that of OAuth 2, but there are only some partial works out there. As I’ve just implemented a client-side only OAuth 2 library, I can verify that you’re on the right track. But here is a catch:

oauth_token belongs to your client application (i.e. a desktop Facebook reader) which authenticates your application (just like an ID). You submit this to get back an access_token, which is specific to your application and logged in user, which allows you to access restricted resources related to the user.

Here is a basic desktop app authentication process (taken from: http://developers.gigya.com/020_Developer_Guide/85_REST/OAuth2)

REST OAuth 2.0

Actually a flow diagram with timeline (from top to bottom, taken from: http://www.ibm.com/developerworks/web/library/wa-oauthsupport/?ca=drs-)

Protocol flow

And finally the full procedure is: (taken from http://h2anetwork.org/ProjectDocs/DPI/DPI_Framework.html)

OAuth protocol flow
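
The binding described in the answer above, an access token tied to both the application and the logged-in user, sketched as an added example that is not part of the original post. It uses the parameter names of the OAuth 2.0 authorization code grant (client_id, redirect_uri, code); the `AuthServer` class, the `desktop-reader` client and the user `alice` are hypothetical and constructed for illustration.

```python
import secrets
import time

# Constructed sample data: one registered desktop client (hypothetical).
CLIENTS = {"desktop-reader": {"redirect_uri": "http://127.0.0.1:8765/callback"}}


class AuthServer:
    """Toy in-memory authorization server, for illustration only."""

    def __init__(self, code_ttl=60):
        self.code_ttl = code_ttl
        self.codes = {}   # code -> (client_id, user, redirect_uri, expiry)
        self.tokens = {}  # access_token -> (client_id, user)

    def authorize(self, client_id, redirect_uri, user):
        """Called after the user has logged in and approved the client."""
        client = CLIENTS.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        expiry = time.time() + self.code_ttl
        self.codes[code] = (client_id, user, redirect_uri, expiry)
        return code

    def token(self, client_id, redirect_uri, code):
        """Exchange a code for an access token bound to (client, user)."""
        entry = self.codes.pop(code, None)  # single use: a replay finds nothing
        if entry is None:
            raise PermissionError("invalid or already used code")
        issued_to, user, issued_uri, expiry = entry
        if (issued_to, issued_uri) != (client_id, redirect_uri):
            raise PermissionError("code was not issued to this client")
        if time.time() > expiry:
            raise PermissionError("code expired")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = (client_id, user)
        return access_token

    def introspect(self, access_token):
        """Resource-server lookup: which client is acting for which user."""
        return self.tokens.get(access_token)


def demo():
    """Run one full exchange; returns the server, the code and the token."""
    srv = AuthServer()
    uri = CLIENTS["desktop-reader"]["redirect_uri"]
    code = srv.authorize("desktop-reader", uri, user="alice")
    return srv, code, srv.token("desktop-reader", uri, code)
```

A desktop application is a public client, so a real deployment would also use PKCE (RFC 7636), which this sketch leaves out.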
