For me, OAuth was straightforward to understand once I realised that it's basically like a PKI with very short-lived certificates.