
Comment by hirsin

8 months ago

It's rare in my experience. We don't support OIDC, so technically it's standalone OAuth. In reality there's of course a user identity in the mix used to authorize the resulting access tokens.

Even server-to-server calls, i.e. daemons, service principals, what have you, still rely on a client identity.

I think the closest to true agentless access I've seen widely used are SAS for Azure Storage and of course deploy keys in GitHub, which we're building off-ramps for. Agentless authz just is not a good idea.