I can't give you a detailed answer right now about why i like it, but if I have to say it short: I read much about the whole topic and your blog posts were maybe the second posts and texts I read which went into details with why you would use what technics. You cited RFC flows, Best Practices etc. So you at first built a little trust to the user by informing him and now I trust in your library to work exact like you lined out one should do authentication/authorization. Last thing to say you cover the whole thing with refresh- and accesstokens and provide fast support, or clarifications of techniques. No native english speaker here so hopefully you understand this monstrosity of a sentence.