...
The first approach validates the user (OIDC) - but using IM, we can also validate the application.
Hybrid Model:
This is a combination of openID connect and Token based connect models and hence advantages of both user and application authentication. Obviously it has more infra requirements but much more robust model. The Backends token passing to called BB through IM ensures a valid registered application is sending the request. In addition, the called BB authenticates a valid user with the identity server.
...