So we had Private Access Tokens, then we had Private State Tokens, now we have Private Access Control Tokens. The landscape is a little confusing to say the least 
but hopefully this one actually becomes a cross-platform standard in all browsers. They explicitly call out using it for authenticating to services in the proposal:
Let users with a valid account encode their credentials privately into a token they can show/redeem in separate context for private access, with capabilities sites need like rate limiting to prevent token sharing, and potentially specifying private quotas so users can execute tasks of different sizes. These capabilities may be particularly important for private AI searches, where a user needs to prove they have an account in good standing, but do not want the search activity tied back to it.
That would be incredible to have, Kagi wouldn’t need their extension anymore probably. A VPN using this would be really cool too although I guess it would be limited to the browser.