Frequently asked questions.

Common questions, answered honestly. If yours isn't here, file an issue.

OAuth assumes the caller already has a login in your customer identity system — or in an authorization server you trust. It's a framework for issuing tokens to users you've already onboarded, and it speaks in scopes against accounts you've already provisioned, not in claims about a stranger.

x401 sits one layer earlier, where the caller may have no relationship with your system at all. The verifier tells the agent what claims to prove at the route boundary, any compliant wallet can fulfill that, and OAuth Token Exchange is available as an optional final leg so subsequent requests don't re-present the credential. OAuth becomes the post-proof handoff, not the whole protocol.

Looking for more depth? See how it works or read the spec.