Oauth is mostly used by AutomationOnDrive. MppDevices don't use oauth.
AM uses oauth under the covers when you give it permission to send gmails.
AoD and AM Remote OnDrive (and the google home support) work with an app & service I publish called "wemoremoteapp". You'll see that you need to grant permission to use this app when you enable AoD. It uses scripts to write to your google drive account and to send google cloud (firebase) messages to/from AM Remote and the web app. If you use the AoD web app from a browser you'll need to give permission for it to use the scripts on "wemoremoteapp" as well - it uses those to build the location page and send requests. The android apis use oauth under the covers to protect communication to those scripts which run under your google id (so I don't have any access to the data, it's all in your account).
I've extended "wemoremoteapp" so it can talk to the google assistant/home service to report device states and to accept actions (voice or manually in Google Home).
The oauth relationship for this is between google and "wemoremoteapp". I've got approval from google to trust wemoremoteapp to provide devices to google home, and I've given google credentials to allow it to call back in to the wemoremoteapp to request changes (e.g. turn a switch on or off). To work it uses the same google cloud messaging (firebase) to talk to AoD to execute the commands, and AoD reports state changes to wemoremoteapp which then tells google home.
Everything is protected by SSL/TLS, encryption, and signatures based on secret keys and oauth tokens (which expire quickly).
The approval I'm trying to get from google is to allow me to publish the AM function to the google assistant catalog so you'll be able to register to use it via google assistant "add device".