There are multiple scenarios in which you might be using Autodesk Authentication to log-in a user
a) Use Autodesk log-in to access Autodesk based resources
This is the most common and obvious use of the Autodesk Authentication: you enable the user to log-in using their Autodesk account and you provide them access to their Autodesk based resources like storage (BIM 360 Docs, Fusion Team, etc), or other resources (data from Fusion 360 Manage, Model Derivative service, etc)
That's what most of our samples and tutorials do, so you can have a look at any of them:
e.g. https://forge-tutorials.autodesk.io/tutorials/hubs-browser/
b) Use a different log-in system to access Autodesk based resources
Often a company already has its own log-in system (maybe based on Microsoft Active Directory, Google, etc) and they want to enable the users to access their Autodesk based resources as well without them having to log in using their Autodesk account each time.
You can achieve this by keeping track somewhere (most likely some database) of which user account is using which Autodesk account, and then store the relevant refresh token, so that you can generate a new access token for those users whenever you want to access their Autodesk based resources.
They will only have to log in once using their Autodesk account and from then onwards you can generate a new access token for them when needed:
About Refresh Token
c) Use Autodesk log-in as the main authentication system
If you don't already have an authentication system in place, or all your users already have an Autodesk account anyway, then you may decide to rely on that to authenticate your users and restrict access to various resources on your own systems based on the Autodesk ID of the given user.
The access token provided by Forge already includes the Autodesk ID of the user it was generated for, so you don't even need to use the GET profile endpoint to find that out:
Debug access rights issues from access token
You'll find the Autodesk ID under userid:
