The authorize URI on the authorization server is where an OAuth 2.0 flow starts.
The redirect URI tells the issuer where to send the browser back to when the flow is done.
Every client (website or mobile app) is identified by a client ID.
Unlike a client secret, the client ID is a public value that does not have to be protected.
Clients can request additional information or permissions via scopes.
The state is an optional value that is carried through the whole flow and returned to the client.
It's common to use state to store an anti-forgery token that can be verified after the login flow is complete. Another common use is storing the location the user should be redirected to after logging in.
A nonce (or number used once) is a random value that is used to prevent replay attacks.
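
The two uses of state described above (an anti-forgery token and a post-login location), sketched as an added example that is not code from the original page. The endpoint URLs, client ID, scope value, session dictionary and function names are assumptions made for illustration.

```python
import base64
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values for illustration; none of these come from the page.
AUTHORIZE_URI = "https://auth.example.com/authorize"
REDIRECT_URI = "https://app.example.com/callback"
CLIENT_ID = "demo-client"  # public value, safe to place in a URL


def begin_login(session, return_to):
    """Build the authorize URL and keep the anti-forgery token server-side."""
    token = secrets.token_urlsafe(32)
    session["oauth_csrf"] = token
    payload = json.dumps({"csrf": token, "return_to": return_to}).encode()
    state = base64.urlsafe_b64encode(payload).decode()
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",  # assumed scopes
        "state": state,
    })
    return f"{AUTHORIZE_URI}?{query}"


def finish_login(session, callback_url):
    """Verify the returned state and return a safe post-login location."""
    expected = session.pop("oauth_csrf", None)  # single use: a replayed callback fails
    params = parse_qs(urlparse(callback_url).query)
    try:
        state = json.loads(base64.urlsafe_b64decode(params["state"][0]))
        received = str(state["csrf"])
        return_to = str(state.get("return_to", "/"))
    except (KeyError, ValueError, TypeError, AttributeError):
        raise ValueError("missing or malformed state") from None
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state does not match this session")
    # state travels through the browser, so only a local path is accepted as the target.
    if not return_to.startswith("/") or return_to.startswith("//") or "\\" in return_to:
        return "/"
    return return_to
```

The token is compared against the copy held in the session, not trusted from the returned value alone, and the stored location is restricted to local paths so the state parameter cannot be used as an open redirect.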