@Martin Bilda If you have acquired a token via client credentials flow (using client ID and client secret), the token is issued to the application. Now, if you want to perform any task in application context, you need to configure Application Permissions.
However, if the application has to perform some action under User's context, you can still use the token issued to the application but you would need to configure Delegated permissions. For example, you can give Directory.AccessAsUser.All (Access directory as the signed in user) so that the application can access the directory under signed-in user's context.
A simpler example is, if you want to post same picture to your Instagram and Facebook timeline but don't want to upload the picture twice, you can grant delegated permission to Instagram API on Facebook App so that Instagram API can post the picture on your behalf (using application token) to your Facebook timeline. If you use user token (acquired by using username password), you would need to upload the same picture on Instagram and Facebook timeline individually.
Hope I covered all your quesitons.
-----------------------------------------------------------------------------------------------------------
Please "Accept as answer" wherever the information provided helps you to help others in the community.