when a user authenticate to Office 365 or Azure AD which has a thrid party Federate in between

which protocol is used and how the user is authenticated and authorized to use the application for example accessing exchange online

Is it like a company which has setup federation system to authentication users from on-premises to on cloud 

when a user initiates a session with an online service or application which requires authentication and authorization

then does it works like this

1.  user to online application - service

2. service redirects your not authenticated go to Azure AD for AuthN-AuthZ

3. Azure AD based on Federation settings configured asks user (browser) or goes to STS like PingFederate and asks for a user Authentication

4. Federation server like PingFederate based on its configuration could check with Active-Directory Server or which ever directory server it is

5. Once the Federation server has a confirmation from directory server it will generate a token because that is what it does

6. Now it will forward this token to Azure AD

7. Now what will happen

8. will Azure AD forward the same token it has got from Federation server

9. Or instead it will generate a new OAuth 2.0 based token and will this one to the Service - Application asking for user AuthN-AuthZ