I’m happy you find it useful.
You’re right, the 2nd step could be called “redirect to authorization endpoint” from a client or authorization server perspective; or “redirect to login page” from a user perspective.
The 8th step is not a redirect, it is an HTTP POST and it is performed server-to-server. It could be called “validate the authorization code you issued and give me the access_token” from a client perspective. Or “send me the authorization code, I will validate it and return an access_token” from the Authorization Server perspective.
The value of the endpoints /authorize or /token depends on the OAuth server implementation.
Hope to have answered your question.
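
The difference between step 2 (a browser redirect to the authorization endpoint) and step 8 (a server-to-server HTTP POST to the token endpoint) can be seen in the sketch below. It is an added example, not part of the original comment or of any particular OAuth server; the host names, client id, redirect URI and function names are assumptions, and client authentication at the token endpoint (for example a client secret) is left out.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values: the real endpoint paths depend on the OAuth server.
AUTHORIZE_ENDPOINT = "https://auth.example.test/authorize"
TOKEN_ENDPOINT = "https://auth.example.test/token"
CLIENT_ID = "demo-client"                               # constructed
REDIRECT_URI = "https://client.example.test/callback"   # constructed


def build_authorization_redirect(state):
    """Step 2: the URL the client redirects the user's browser to."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,  # bound to the user's session, checked on return
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def extract_code(callback_url, expected_state):
    """Callback: accept the code only if state matches the session value."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


def build_token_request(code):
    """Step 8: a back-channel POST; it never travels through the browser."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must equal the one used in step 2
        "client_id": CLIENT_ID,
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return "POST", TOKEN_ENDPOINT, headers, body


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorization_redirect(state))
    callback = f"{REDIRECT_URI}?code=SAMPLE_CODE&state={state}"  # constructed
    print(build_token_request(extract_code(callback, state)))
```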