Hello @David and thanks for reaching out. Azure AD application do not impersonate users but can act on their behalf. To get a user access token securely it's recommended to user an interactive approach such as the authorization flow. This can also provide a refresh token which can be exchanged by a new access and refresh token set thus reducing the credential prompting.
If you cannot authenticate interactively then the other option is to authenticate like an app using the client credentials flow. Keep in mind app permissions are high level permissions and must be carefully configured.
Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.