On replacing Basic Auth with OAuth 2.0

First of all thank you for such an extensive response! Let me answer your feedback:

I don’t fully agree. Let me bring up GitHub as a counterexample. GitHub supports both OAuth and PATs, each used for a different purpose. OAuth is used for authorizing external services to use your account in a limited way, while PATs are used for authorizing yourself. This provides flexibility and does not complicate local scripts with the OAuth workflow (PATs can run on OAuth under the hood, which is transparent to the developer).

I believe your table misses some crucial steps. Let me create a working side-by-side code comparison (OAuth at the top, PAT at the bottom):
https://gist.github.com/Zaczero/74bdfc57318aef8794f2bbfd2b43a484

The code provided by you, as already pointed out, does not run, and even if it did, it would probably require a desktop interface and user interaction (to approve login on OSM website), which is missing on many servers where the scripts usually run.

(I have zero idea why the error message is in a different language)

I don’t know any public API that would require OAuth for script authorization. That’s why I call it unusual.

I believe there is some misunderstanding between using OAuth 2.0 for scripts and for user-facing applications. Using OAuth 2.0 for third-party authorization grants is perfectly fine, but that’s not what this post is about.

I don’t, but I believe sooner or later it will come down to this, and I would love everyone to avoid unnecessary stress. Frankly speaking, for the Python port, it’s easier to support just OAuth 2.0 than OAuth 2.0 + PATs, but I highlight this issue for the good of the community. :stuck_out_tongue:

2 Likes
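As an added example that is not part of the original post, the linked gist, or any OSM project code, the following Python contrasts what a headless script needs for each of the two approaches discussed above: a PAT is a pre-issued bearer token read from the environment and sent in one header, while an OAuth 2.0 authorization-code flow (shown here generically with PKCE as in RFC 7636, not as the OSM-specific flow) cannot proceed until a human opens the authorization URL in a browser and the redirect comes back. The endpoint URLs, the client id, the redirect URI and the `OSM_PAT` environment variable name are assumptions made for the example.

```python
"""Added example: PAT versus OAuth 2.0 authorization-code flow from a script's
point of view. Endpoints, client id and env var name are placeholders, not the
real OSM API. Nothing here performs network I/O."""
import base64
import hashlib
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder endpoints (assumptions for the example, not real OSM URLs).
AUTHORIZE_URL = "https://example.invalid/oauth2/authorize"
TOKEN_URL = "https://example.invalid/oauth2/token"


# ---- PAT path: no user interaction, works on a headless server ------------
def pat_headers(token: str) -> dict:
    """A PAT is already an access token; the whole 'flow' is one header."""
    return {"Authorization": f"Bearer {token}"}


def pat_from_environment(var: str = "OSM_PAT") -> dict:
    """Read the PAT from the environment so it never lands in the script."""
    token = os.environ.get(var)
    if not token:
        raise RuntimeError(f"{var} is not set; cannot authenticate headlessly")
    return pat_headers(token)


# ---- OAuth 2.0 path: needs a browser and a human before any API call -----
def new_verifier() -> str:
    """43-char base64url PKCE code_verifier (RFC 7636 minimum length)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge = base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(client_id: str, redirect_uri: str, scope: str,
                            verifier: str, state: str) -> str:
    """Step 1: the URL a user must open in a browser. A script cannot skip this."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Step 2: extract the code from the redirect, rejecting a wrong state."""
    query = parse_qs(urlparse(redirect_url).query)
    state = query.get("state", [None])[0]
    if state != expected_state:
        raise ValueError("state mismatch: redirect does not belong to this request")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("redirect carries no authorization code")
    return code


def redirect_accepted(redirect_url: str, expected_state: str) -> bool:
    """Convenience predicate around parse_redirect for callers that want a bool."""
    try:
        parse_redirect(redirect_url, expected_state)
        return True
    except ValueError:
        return False


def token_request_body(client_id: str, redirect_uri: str, code: str, verifier: str) -> dict:
    """Step 3: form body POSTed to TOKEN_URL to trade the code for a token."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": verifier,
    }


if __name__ == "__main__":
    # PAT: one line, runnable unattended (constructed token value).
    print(pat_headers("constructed-pat-value"))

    # OAuth 2.0: three steps, the first of which blocks on a person.
    verifier, state = new_verifier(), secrets.token_urlsafe(16)
    url = build_authorization_url("placeholder-client-id",
                                  "http://127.0.0.1:8080/callback",
                                  "read_prefs", verifier, state)
    print("Open this in a browser and approve:", url)
    # Constructed redirect standing in for what the browser would send back.
    code = parse_redirect(f"http://127.0.0.1:8080/callback?code=abc123&state={state}", state)
    print(token_request_body("placeholder-client-id",
                             "http://127.0.0.1:8080/callback", code, verifier))
```

The `state` check in `parse_redirect` is the part most often dropped from hand-rolled scripts; without it a redirect from someone else's authorization request is indistinguishable from your own. The PKCE test vector used in the accompanying check is the one published in RFC 7636 Appendix B.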