An OAuth 2 access token is like a hotel-room key card.
It gives access, all by itself without further checking, to a particular resource (in this case, room 238 at the Omni Interlocken in Denver). Check.
It’s issued to a particular person, who has to be authenticated first (like by showing my driver’s license at the check-in). Check.
Nothing on the outside tells you who it’s been issued to or what it’s for. Check.
It’s not obscured or encrypted, so you have to take good care of it (if a bad guy got it and knew what it was for, he could get into my hotel room and rob me blind). Check.
You can give it to someone else and have them access the resource for you (like giving a colleague the card and asking them to go up to your room and get the VGA dongle that you stupidly left on the desk). Check.
If you lose it, you can go back to the issuer and get another one which is functionally identical (somehow it wasn’t there when you got back from the bar, but the front desk can get you another, assuming you have your wallet and ID). Check.
It expires after a while. (I gave it back to the front desk when I left because I knew it wouldn’t be useful any more.) Check.
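
The same properties in code, as an added example that is not part of the original post: a toy in-memory "front desk" (issuer) and "door lock" (resource server) for opaque bearer tokens. The names `Issuer`, `open_door`, the `room-238` scope string and the sample credential are assumptions made for illustration, and an injectable clock stands in for real time so expiry can be exercised.

```python
import secrets
import time


class Issuer:
    """Front desk: authenticates a guest once, then hands out opaque bearer tokens."""

    def __init__(self, credentials, ttl_seconds=3600, clock=time.time):
        self._credentials = credentials  # user -> secret (constructed sample data)
        self._ttl = ttl_seconds
        self._clock = clock              # injectable so expiry can be tested
        self._tokens = {}                # token -> (user, scope, expires_at)

    def issue(self, user, password, scope):
        # Authentication happens here, at issuance, and nowhere else.
        expected = self._credentials.get(user)
        if expected is None or not secrets.compare_digest(expected.encode(), password.encode()):
            raise PermissionError("authentication failed")
        token = secrets.token_urlsafe(32)  # random: carries no user or scope on its face
        self._tokens[token] = (user, scope, self._clock() + self._ttl)
        return token

    def introspect(self, token):
        # Only the issuer's own records say what a token is for.
        entry = self._tokens.get(token)
        if entry is None:
            return None
        user, scope, expires_at = entry
        if self._clock() >= expires_at:
            del self._tokens[token]      # expired tokens stop working
            return None
        return {"user": user, "scope": scope}


def open_door(issuer, authorization_header, room):
    """Door lock: checks only the presented token, never who is holding it."""
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer":
        return False
    info = issuer.introspect(token)
    return info is not None and info["scope"] == room
```

Because `open_door` never asks who is presenting the token, anyone holding the string gets in until it expires, which is why it has to be carried over TLS and kept out of logs.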