We use the Zoho OAuth API's response to authenticate users in our app (RoloCRM). Our approach works for most of the accounts but is failing for a few users.
We have listed the steps below, with the APIs used in our app during login.
Step1: We use v2 of the Zoho OAuth API for login and get basic details.
Step2: Once we get the access & refresh token, we call below api to get currently signed in user's email and zoho-user-id.
Step3: We call below api to get currently logged in user's organization id.
In step2, we receive currently logged in user's zoho-user-id. We expect this to be same across different zoho teams.
Is this assumption valid?
Example:
In one of our example, same user has 2 registered zoho organizations with 2 different email ids(Email1 and Email2).
1. User validated email1 with zoho, in step2 we get "zohouserid1" and in step3 we get "zohoorgid1"
2. User validated email2 with zoho, in step2 we get "zohouserid1" and in step3 we get "zohoorgid1"
We are getting same zohouserid and organization id for two different emails (belongs to same user).
Is it possible to get actual organization id and user id based on the logged in user's email?