This type of behavior is not generally supported. If you already were to possess the user's id, you could make S2S calls with your app secret to get the rest of that user's information.I'm actually (trying to) scour the docs for these calls. At best,...

I see mention of SSO for the organization? But there's literally no documentation for it, so it might be a red herring...