Hosted Auth

Different "parties" got involved

Identity provider (auth service provider e.g. Okta, Auth0 etc)
Service Provider (api endpoint)
Client App (e.g. ssr, spa, php app etc that serves the index.html etc)

SAML SSO Flow

Example flow

https://www.oauth.com/oauth2-servers/server-side-apps/example-flow/ (opens in a new tab)