It supports both 'installed app' and 'service account' flows. The user can use each of these seamlessly.
The use case is to simplify supporting a client app to use either a role account (via a private key) or impersonate a user (via a client key). HTTP token renewal is done automatically and transparently.