Monday, February 21, 2011

Does OAuth Have Legs?


Some folks have been asking, "What's all this stuff about legs in OAuth?" and "I don't understand the difference between 1-, 2-, and 3-legged OAuth."

I have put together a flow-chart to show, from a client app's perspective, what constitutes a 1-, 2-, or 3-legged authorization.
The rule of thumb is that each request/response exchange you make within the OAuth protocol is one leg. Note that in the diagram the [4.xx] numbers refer to the relevant paragraphs of the draft 13 specification.

[Update: Corrected diagram decision box, authorization box]
