OAuth is such a bad standard, if you even want to call a loosely cross-referenced bundle of RFCs that, only thinly obscuring the real message: "Leave this to the professionals and just use our custom libraries, or maybe an authentication SaaS".
In my opinion the text to code ratio is just really high. The standard itself isn't even that complex but hidden behind a huge wall of text. It's a bit sad that the most readable OAuth2 docs are from auth0.com.
The message would in principle even make sense if there was a real-world standard that was consistently adopted. Then not every SaaS would have to implement OAuth2 for the millionth time...
