Create a limited use code (auth code) to share authentication
with connected apps and tools.
The code is tied to the caller session,
and will be expired with any of the caller's sessions.
Currently a code cannot be created for a client JWT
(from /network/auth-client
).
This is a subset of an OAuth flow.