Provide more guidance in API authorization documentation about receiving the authorization code

[robertknight]

The documentation on how to use h's OAuth support at https://h.readthedocs.io/en/latest/api/using-oauth/ says:

After the user authorizes the application, it will receive an authorization code via a call to the redirect URI

1. We should provide an example of what this callback would look like for both a normal web application
2. We should include links to relevant documentation and links regarding how to use this in a Chrome extension, since this is non-obvious. For Google Chrome extensions the relevant documentation is https://developer.chrome.com/apps/app_identity#non, specifically the "Non-Google account authentication" part.
3. The method of authentication that the client uses, a custom flow which involves window.postMessage rather than a redirect and which is more convenient to use for single-page applications than a redirect, is not documented at all.