I’ve found that one of the aspects of OAuth 2 that makes things harder to grok for folks are the various grant types (aka flows) and how they differ. It might be helpful to state explicitly here that what is specifically described here is the Authorization Code grant type (as opposed to e.g. the Client Credentials grant type).

We need the client_id and client_secret from step one

There’s no mention of client secret in part one?

It took more time to write this blog post than it did to implement the functionality discussed in this blog post.

Perhaps. How long will it take to proofread and edit?