Here's some background on the difference between the old and new authentication methods:
All Googly things are considered separate services, associated with a Google
account. So, there is no "Google Voice password", per se, but a Google account password that allows the authorized user to access everything on that account, such as Gmail, Calendar, Maps, Google Voice, Hangouts, buying stuff on the Play Store, etc.
Originally, you gave the OBi full sign-on access to your entire Google account -- not a great idea.
Now, you log into your Google account, and give specific, limited permission to access one or more services available on your account. So, in the case of OBiTALK, it asks you for permission to access the Google Voice/Hangouts service. The OAUTH 2.0 token that is generated and exchanged grants just that limited access. It can't access, for example, read your email, view your calendar or buy a video.
If you have an OBi IP phone, and you want to import your Google Contacts, then a separate OAUTH 2.0 token is exchanged, giving access to your contacts.
See the two screenshots below. It's a good idea to periodically review the apps and devices that have permission to access your account. You can view and delete those permissions on this page:
https://myaccount.google.com/security#connectedapps