Understanding x-Frigg-appUserId and x-Frigg-appOrgId

[joncodo]

Overview

Understand this comment from @seanspeaks :

To actually integrate Frigg into your application well, I've settled on a default approach of having all Management API requests expect x-Frigg-appUserId and x-Frigg-appOrgId headers, which invokes the loadUserManager middleware, which finds or creates the provided users by corresponding ID. "App" in this case is "your app".

Here is what I think this means

• There are two headers you can use if you don't want to use the frontend (x-Frigg-appUserId and x-Frigg-appOrgId )
• You make all requests by passing these headers in
• These headers are maintained by your own application and are not stored in the frigg db
• userId is the way you identify a user in your system IE: [email protected]
• orgId is anything you want to group users: IE: admins
• By loading up the loadUserManager, you then make a copy of this data in the frigg db

Here is why I think we may need this

• We need a way to authenticate users to make sure they are authorized to use frigg
• Since we are using serverless, we have no session state of a user between requests and we need this info in order to know which user is making which request
• We need the user ID from a third party to know how to make requests to that third party: IE: GET salesforce.com/[email protected]/contacts