In our case http://googlecodesamples.com/oauth_playground is the OAuth consumer app and GMail is the service provider.
OAuth consumer needs to be pre-registered at the service provider - let's keep the OAuth parameters as they are.
With OAuth, there are two types of tokens used: request tokens and access tokens.
Request tokens are used to verify consumer registration with the service provider and get end user authorization, after which they can be exchanged for an access token.
First - OAuth consumer needs to request a 'request token'. As a response to this, the service provider will return an unauthorized request token.
Then the consumer will redirect the user to the service provider - and he can authorize the request. [After the step 4, you'll get to the image one before the last]
Once user authorized the request, consumer gets an authorized request token.
Now, in step-5, consumer exchanges the authorized request token for an access token.
The access token received in response to this request is used to request data from the service provider.