OAuth Server Roles


API Dev

Jul 19, 2017, 1:19:32 AM7/19/17
to API Craft
Hello,

I would like to understand the responsibilities of the authorization and resource server while we implement the OAuth2 authorization code grant type for our multi-tenant enterprise web application. More importantly, I would like to understand how to handle authentication and authorization when two different components are responsible for each.

The deployment architecture of our application includes two components: a login server and a web application. Both are separate artifacts that are deployed on the GlassFish app server. The login server is responsible for handling user authentication, and authorization is handled by the web application. The web application is also the resource server that exposes REST APIs for some of the resources. The login server and the web application share a common database for persistence.
The login server also has the ability to delegate authentication to a third-party server provided by the client. This allows clients to enable different authentication protocols like LDAP, SAML, IWA, etc. We also intend to expand this flexibility by giving the client the ability to integrate their own OAuth server, so that user management and token generation are done completely by the clients.

Given such a deployment, I would like to get expert input on:

1. Which component should be responsible for generating the auth code and the access token in the authorization code grant type implementation? This is important to understand so as to have a clear separation of responsibilities between components.
2. Are there OAuth2 implementation examples that I can refer to where authentication and authorization are handled by different components?

Thanks
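
The role split the question asks about, as an added example that is not from the original post or from any project mentioned in it: a hypothetical AuthorizationServer (the login-server role) issues the single-use, client-bound authorization code and the access token, while a hypothetical ResourceServer (the web-application role) issues nothing and only validates the token on each request. The HMAC-signed token format, the shared verification key, the constructed "web-app" client registration, and the omission of client authentication and PKCE are simplifying assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

class AuthorizationServer:
    """Login-server role (hypothetical): authenticates the user, then issues the code and the token."""
    def __init__(self, key: bytes, clients: dict):
        self.key, self.clients, self.codes = key, clients, {}   # clients: client_id -> redirect_uri

    def authorize(self, client_id, redirect_uri, user):
        # Runs after the user has authenticated (locally or via delegated LDAP/SAML/IWA).
        if self.clients.get(client_id) != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri, user, time.time() + 60)  # 60 s lifetime
        return code

    def token(self, code, client_id, redirect_uri):
        entry = self.codes.pop(code, None)  # single use: a replayed code is rejected
        if entry is None or entry[:2] != (client_id, redirect_uri) or entry[3] < time.time():
            raise ValueError("invalid_grant")
        claims = {"sub": entry[2], "aud": client_id, "exp": int(time.time()) + 3600}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        return body + "." + _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())

class ResourceServer:
    """Web/resource-server role (hypothetical): issues nothing, validates the token per request."""
    def __init__(self, key: bytes, audience: str):
        self.key, self.audience = key, audience

    def claims_for(self, token: str):
        body, _, mac = token.partition(".")
        try:
            expected = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, _unb64(mac)):
                return None                       # signature check before any parsing
            claims = json.loads(_unb64(body))
        except ValueError:                        # malformed base64 or JSON
            return None
        if claims.get("aud") != self.audience or claims.get("exp", 0) < time.time():
            return None                           # wrong audience or expired
        return claims

    def get_profile(self, token: str) -> dict:
        claims = self.claims_for(token)
        return {"status": 200, "owner": claims["sub"]} if claims else {"status": 401}
```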

