Delegation with OIDC
Traditionally, delegation is used to:
Exchange an ID token issued to one application for a new one issued to a different application.
Get a fresh ID token using a refresh token.
Exchange an ID token for a third-party (e.g., Firebase, AWS) API token.
OIDC-conformant applications cannot be the source or target of delegation requests.
Because no OIDC-compliant mechanism exists for getting third-party API tokens (e.g., Firebase, AWS), delegation can still be used to obtain them.