Full Title or Meme
Based on the protocol selection of OpenID Connect or OAuth, the full solution is described in the Identity Model.
This is the definition in RFC 6749 The OAuth 2.0 Authorization Framework.
The authorization code is obtained by using an authorization server as an intermediary between the client and resource owner. Instead of requesting authorization directly from the resource owner, the client directs the resource owner to an authorization server (via its user-agent as defined in [RFC2616]), which in turn directs the resource owner back to the client with the authorization code.
Other protocols, like SAML are also available.