[Suggestion] Make the protocol example clearer from the consumer point of view
Currently the protocol example at https://bitbucket.org/david/django-oauth-plus/wiki/protocol_example might be a little bit misleading.
For example the section "Obtaining an Access Token" contains the line
access_token = list(Token.objects.filter(token_type=Token.ACCESS))[-1]
access_token is later used to generate signature. This is on consumer side so the consumer does not have access to that access_token via DB.
In general the example is based on co-location of consumer and provider. It would be nice to have a clear distinction between the code on consumer side and provider side.
Also the negative cases could have been moved to a separate page/chapter. Having a single positive scenario would make the example easier to follow.