I’m going to explain about behavior of 3-legged OAuth in simple way.
Just look at this.
Lets think one of web applications call MyApp need to access my Facebook photos.
In this example: Resource Owner – me, Consumer – MyApp, Service Provider – Facebook.
Now try to compare this example with above explained scenarios.
1. – MyApp request temporary token form Facebook.
2. – Facebook give the temporary token to MyApp.
3. – MyApp will redirect to the Facebook login page to Autorize the Token.
4. – Me login to the Facebook and Grant access to MyApp
5. – Conform about Authorization to Me
6. – MyApp Request Access Token from Facebook.
7. – Facebook issue Access Token
8. – Request to Access the photos in my Facebook account.
9. – Issue the protected photos.
This is another simple example find out from Google