OIDC-Conformant Adoption: Delegation
Traditionally, delegation is used to:
exchange an ID token issued to one application for a new one issued to a different application.
get a fresh ID token using a refresh token.
exchange an ID token for a third-party (e.g., Firebase, AWS) API token.
Because the OIDC-conformant pipeline requires that ID tokens no longer be used to secure APIs and refresh tokens be used only at the token endpoint, the Delegation endpoint is deprecated.
OIDC-conformant applications cannot be the source or target of delegation requests.
Because no OIDC-compliant mechanism exists to get third-party (e.g., Firebase, AWS) API tokens, delegation can still be used to obtain third-party API tokens.