Application links allow you to configure 'impersonating' and 'non-impersonating' authentication types:

• Impersonating authentication makes requests on behalf of the user who is currently logged in. People will see only the information that they have permission to see. This is available for OAuth and Trusted Applications authentication, and should only be used when two applications share the same user base, typically managed with an external directory using LDAP.
• Non-impersonating authentication always uses a pre-configured user, and not the logged-in user, when making a request. The server handling the request determines the level of access to use based on the access permissions of that pre-configured user, and this is used for requests from all users. This is available for Basic HTTP authentication.