To set up IRIS as an authorization server, you will need to set up the necessary configurations in System Administration>Security>OAuth2.0>Server Configurations. Many of these will depend on how you want your application to be interacting with the authorization server. There are also a few classes in %OAuth2.Server.* that you can overwrite to customize the authentication or validation process. For example, setting it so only certain users can request tokens.
To set up IRIS as a resource server, you will want to set up IRIS as a OAuth2.0 Client and specify the type as "Resource Server". You'll need to make sure that validate the access token.
More information can be found in documentation under "Identity and Access Management"
These endpoints only return the url. They need to separately be sent as a HTTP request in your authorization process.
GetAuthorizationCodeEndpoint() needs to be called from a valid %session. One way to do this is extend from %OAuth2.Login.