My NSL detector is off the charts here.

> impersonation tokens, called “Actor tokens”, that Microsoft uses in their backend for service-to-service (S2S)

Literally every single "security" framework uses God-mode long-lived tokens for non-human identities.

(Except for SPIFFE, but that's a niche thing and used only for Kubernetes bullshit.)

The whole field of "security" is a farce staffed by clowns.