Hi, I'm still new to Oauth, but can you explain a bit further what exactly guardian is and what problem does it solve in a practical manner?

Essentially it mitigates having to code all of the oauth cruft, header generation, callback routing, oauth data management, parameter normalization details, by passing a generalized object to a plugin that then does all of the steps for you and simply returns the final keys.

So instead of doing 1, 2, 3, 4 and then finally in step 5 you get the keys. You do 1 (send object of data), 2 (get the keys). This way you aren't coding for any specific API oauth, it generalizes oauth and supports them under a massive umbrella that is the plugin system. So instead of doing Facebook(key, secret) and then doing some other actions such as setting up the Facebook OAuth callback etc, you just send a request to guardian who then delegates it and returns the keys.

I guess in a practical manner that would be how it works. If you want to know in-depth how it works check out the source. It's pretty readable and understandable. It's built on-top of mashape-oauth if you want a further source.