Why is OAuth designed to have request token and access token?

Backend · Unresolved · 2 answers · 642 views
天涯浪人 2020-12-23 09:51

In the OAuth protocol, a service consumer will ask a user to authorize a request token in the service provider domain, then exchanges the request to

2 answers
  •  清歌不尽
    2020-12-23 10:23

    For usability and security reasons.

    From the Beginner’s Guide to OAuth:

    https://hueniverse.com/beginners-guide-to-oauth-part-iii-security-architecture-e9394f5263b5

    ... While mostly an artifact of how the OAuth specification evolved, the two-Token design offers some usability and security features which made it worthwhile to stay in the specification. OAuth operates on two channels: a front-channel which is used to engage the User and request authorization, and a back-channel used by the Consumer to directly interact with the Service Provider. By limiting the Access Token to the back-channel, the Token itself remains concealed from the User. This allows the Access Token to carry special meanings and to have a larger size than the front-channel Request Token which is exposed to the User when requesting authorization, and in some cases needs to be manually entered (mobile device or set-top box).

    ===

    Note that this question is a dupe of

    Why must we "change temporary credentials for token credentials" in OAuth?

    If the explanation from the Beginner’s Guide isn't clear, then go read @npdoty's take on it.
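The three-legged exchange the answer describes, as an added example (not code from the original post or from the Beginner's Guide): a toy OAuth 1.0a service provider that issues a short request token on the back-channel, lets the user approve that token on the front-channel and hands back a verifier, then exchanges the approved token for a longer access token that only ever travels on the back-channel. Class and function names, the consumer key `consumer-app`, the user `alice` and the TTL value are assumptions chosen for the example; request signing (HMAC-SHA1 over the request, as the real protocol requires) is deliberately left out so the token lifecycle stays visible.

```python
"""Toy OAuth 1.0a three-legged flow, service-provider side (constructed example,
not the page's or any library's code). Shows why the request token can be small
and user-visible while the access token stays large and back-channel only."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class RequestToken:
    consumer_key: str
    secret: str
    callback: str
    issued_at: float
    authorized_by: Optional[str] = None  # user who approved it on the front-channel
    verifier: Optional[str] = None       # one-time code returned to the consumer
    used: bool = False                   # set once exchanged; replay is refused


@dataclass
class AccessToken:
    consumer_key: str
    user: str
    secret: str


class ServiceProvider:
    REQUEST_TOKEN_TTL = 600  # seconds; the request token is only a handle for the approval step

    def __init__(self, consumers: Dict[str, str], clock: Callable[[], float] = time.time):
        self.consumers = consumers  # consumer_key -> consumer_secret (registered clients)
        self.request_tokens: Dict[str, RequestToken] = {}
        self.access_tokens: Dict[str, AccessToken] = {}
        self.clock = clock

    # Leg 1 (back-channel): the consumer asks for a temporary request token.
    def issue_request_token(self, consumer_key: str, callback: str) -> Tuple[str, str]:
        if consumer_key not in self.consumers:
            raise PermissionError("unknown consumer")
        token = secrets.token_hex(8)  # short on purpose: a user may have to type it on a device
        rt = RequestToken(consumer_key, secrets.token_hex(16), callback, self.clock())
        self.request_tokens[token] = rt
        return token, rt.secret

    # Leg 2 (front-channel): the user sees only the request token and approves it.
    def authorize(self, request_token: str, user: str) -> str:
        rt = self._live_request_token(request_token)
        rt.authorized_by = user
        rt.verifier = secrets.token_hex(4)
        return rt.verifier  # delivered to the consumer's callback, or shown to the user

    # Leg 3 (back-channel): swap the approved request token for an access token.
    def exchange(self, consumer_key: str, request_token: str, verifier: str) -> Tuple[str, str]:
        rt = self._live_request_token(request_token)
        if rt.consumer_key != consumer_key:
            raise PermissionError("request token was issued to a different consumer")
        if rt.authorized_by is None or not secrets.compare_digest(rt.verifier, verifier):
            raise PermissionError("request token not authorized, or wrong verifier")
        rt.used = True  # one-time use: a second exchange of the same token fails
        token = secrets.token_hex(32)  # larger: it never has to be typed and never reaches the user
        at = AccessToken(consumer_key, rt.authorized_by, secrets.token_hex(32))
        self.access_tokens[token] = at
        return token, at.secret

    # Protected resource: only access tokens are accepted, never request tokens.
    def protected_resource(self, token: str) -> str:
        at = self.access_tokens.get(token)
        if at is None:
            raise PermissionError("not an access token")
        return f"profile of {at.user}"

    def _live_request_token(self, token: str) -> RequestToken:
        rt = self.request_tokens.get(token)
        if rt is None or rt.used:
            raise PermissionError("unknown or already-used request token")
        if self.clock() - rt.issued_at > self.REQUEST_TOKEN_TTL:
            raise PermissionError("request token expired")
        return rt


def run_flow() -> str:
    """Drives all three legs end to end and returns the protected resource."""
    sp = ServiceProvider({"consumer-app": "consumer-secret"})  # constructed registration
    rt, _rt_secret = sp.issue_request_token("consumer-app", "https://consumer.example/callback")
    verifier = sp.authorize(rt, "alice")  # the user approves on the front-channel
    at, _at_secret = sp.exchange("consumer-app", rt, verifier)
    return sp.protected_resource(at)


if __name__ == "__main__":
    print(run_flow())  # → profile of alice
```

The checks in `_live_request_token` and `exchange` are what make the split worthwhile in practice: the user-visible token is short-lived, bound to one consumer, usable exactly once, and useless against a protected resource on its own, so exposing it on the front-channel costs little, while the secret that actually grants access never appears there.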
