> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-actions-triggers-prototype.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn how the OIDC-conformant pipeline affects your use of delegation.

# Delegation with OIDC

<Warning>
  By default, delegation is disabled for tenants without an add-on in use as of 8 June 2017. Legacy tenants who currently use an add-on that requires delegation may continue to use this feature. If delegation functionality is changed or removed from service at some point, customers who currently use it will be notified beforehand and given ample time to migrate.
</Warning>

Traditionally, delegation is used to:

* Exchange an <Tooltip tip="ID Token: Credential meant for the client itself, rather than for accessing a resource." cta="View Glossary" href="/docs/glossary?term=ID+token">ID token</Tooltip> issued to one application for a new one issued to a different application.
* Get a fresh ID token using a [refresh token](/docs/secure/tokens/refresh-tokens).
* Exchange an ID token for a third-party (e.g., Firebase, AWS) API token.

Because the OIDC-conformant pipeline requires that ID tokens no longer be used to secure APIs and <Tooltip tip="Refresh Token: Token used to obtain a renewed Access Token without forcing users to log in again." cta="View Glossary" href="/docs/glossary?term=refresh+tokens">refresh tokens</Tooltip> be used only at the [`/oauth/token`](https://auth0.com/docs/api/authentication#refresh-token) endpoint; the [`/delegation`](https://auth0.com/docs/api/authentication#delegation) endpoint is deprecated.

OIDC-conformant applications cannot be the source or target of delegation requests.

## Third-party APIs

Because no OIDC-compliant mechanism exists to get third-party (e.g., Firebase, AWS) API tokens, delegation can still be used to obtain third-party API tokens.

## Learn more

* [Access Tokens with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-access-tokens)
* [External APIs with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-apis)
* [Authorization Code Flow with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-auth-code-flow)
* [Client Credentials Flow with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-client-credentials-flow)
* [Refresh Tokens with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-refresh-tokens)
* [Single Sign-On with OIDC](/docs/authenticate/login/oidc-conformant-authentication/oidc-adoption-sso)