which secure function is used by Function app ?

 User claims 

Azure AD uses JSON based tokens ( JWTs ) that contain claims.

How a web app delegated sign-in to Azure AD and obtains a token ?

User authentication happens via the browser. The OpenID protocol uses standard HTTP protocol messages.