The 4th is to be able to make it possible to deploy the user-interface that is built using web components, into this HAPI FHIR backend. It is not to build the UI by yourself.
It is not a third-party OAuth. But the Toolkit to be a OAuth service provider, so that apps can use it as OAuth and authenticate into the Toolkit-based EHR.
These are packaged zip files that can be deployed to add new webservices into Toolkit, besides the HAPI FHIR ones.