if the library is implementing oauth 2.0, that explains what the library is trying to do.
how it's implemented... well that's an implementation detail, that most often one couldn't understand without the domain knowledge (unless it's something "trivial" like an off-by-one in some string comparison or something like that).
Yes, that "domain knowledge" is kinda important when you're trying to debug a blob of code that results in random permission errors after OAuth request.
The "implementation details" are what we're tasked with implementing ;)
