Basically just what the topic says.
When authenticated via OAuth, I can do absolutely anything I need to-- I can make queries and changes all day, and I ASSUME that if I tried to do something I wasn’t allowed to, the app would properly forbid that though I haven’t tested it (it would be pretty pathetic if it didn’t).
The only (major) problem is I have no idea how to get any information about the user making the requests. It returns the auth key. The auth key lets them make requests. But other than that it’s anonymous.
The point of me trying to use OAuth is so that I can make a management side-car app that runs alongside bog-standard infusionsoft, allowing our lead people to automate repetitive tasks (such as ones that access external APIs) with a single click. But I need to be able to log the changes they make for auditing and to ensure that they’re able to take ownership of objects if they have a need to. I can’t make that work if I can’t tell who they are.
I understand that infusionsoft IDs are agnostic with regard to the app they’re used on, so it makes sense that the actual UserID is not returned by default (though it looks like if I could get the GlobalUserId of the OAuth’d user I could resolve that conundrum).
I’m using node.js with the passport and passport-infusionsoft packages.
Thanks in advance.