we're developing a web application which relies heavily on RESTful data queries.
For this, we are having different APEX users (they are each a distinct user of the application) who we associate to certain projects.
We perform authorization via the built-in OAuth2 functionalities, actually via the code-protocol flow to issue a bearer token.
Now when the actual REST query is performed, we cannot use APEX_UTEL_CURRENT_USER_ID or anything like it to return us the desired information
What way is there to get the user associated with the given token?
Our idea was to get the Token from the request header and search for it in a "Token Table", but unfortunately, we have no idea where (and if) the tokens are stored.
How can we not only generally restrict or grant access to RESTful web services but deliver a result containing only the data the user has access to?
Thanks in advance!
We found the solution, it's actually pretty simple:
Just use the property: ":current_user"