
oauth token as AAD / embed token API via AAD

Hello

 

We have found that it is possible to embed reports in a way similar to the "user owns data" scenario, in which the application handles the user authentication. It is not documented by Microsoft.

 

  1. "user owns data" example: Authentication via Azure redirection, AAD token used for embedding
  2. "app owns data" example: Authentication with username/password sent from the application. Since we used .NET Core we rely on OAuth. The bearer token is used with the Embedding API to generate an embedding token
  3. Undocumented: Authentication via Azure redirection, use Embedding API to generate embedding token. This makes little sense.
  4. Undocumented: Authentication without user interaction (like 2, oauth), no use of embedding API. This is useful for embedding when you always show the same reports with the same data for multiple users, or you have a few users and they won't be prompted with the redirection.

 

We understand AD redirection is much safer and more reliable, but OAuth could be used when the user's login is unrelated to Azure.

 

  • Are scenarios 3 and 4 supported? 
  • Is there any difference between the token returned from the OAuth POST and the AAD token returned when using redirection?

 

// OAuth authentication
...
            using (var client = new HttpClient())
            {
                var result = await client.PostAsync(oauthEndpoint, new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair<string, string>("resource", ResourceUrl),
                    new KeyValuePair<string, string>("client_id", ClientId),
                    new KeyValuePair<string, string>("grant_type", "password"),
                    new KeyValuePair<string, string>("username", username),
                    new KeyValuePair<string, string>("password", password),
                    new KeyValuePair<string, string>("scope", "openid"),
                }));

                var content = await result.Content.ReadAsStringAsync();
                var oar = JsonConvert.DeserializeObject<OAuthResult>(content);
                // Bearer token is the default
                return oar.AccessToken;
            }
        }
...
class OAuthResult
{
    [JsonProperty("token_type")] public string TokenType { get; set; }
    [JsonProperty("scope")] public string Scope { get; set; }
    [JsonProperty("expires_in")] public int ExpiresIn { get; set; }
    [JsonProperty("ext_expires_in")] public int ExtExpiresIn { get; set; }
    [JsonProperty("expires_on")] public int ExpiresOn { get; set; }
    [JsonProperty("not_before")] public int NotBefore { get; set; }
    [JsonProperty("resource")] public Uri Resource { get; set; }
    [JsonProperty("access_token")] public string AccessToken { get; set; }
    [JsonProperty("refresh_token")] public string RefreshToken { get; set; }
}