RFC claims that (Figure 1):
(A) The client requests authorization from the resource owner. The authorization request can be made directly to the resource owner (as shown), or preferably indirectly via the authorization server as an intermediary.
Does this mean that, upon request from the resource owner, an authentication protocol is not used? Or what does it mean?
This means that the client can request the resource onwer credentials in both ways: