Would this work?
- Use DiscourseConnect (“Discourse SSO”) as described to get the username for the current user.
- Make an API key with the scopes you need and “all users” access.
- Obviously you can’t pass that key to the web app on the client side without compromising the site, so you’ll need to proxy requests from the web app through that apps’ backend to your Discourse instance. (And you’d need to validate that the username is legit from the backend — I haven’t looked at DiscourseConnect but presumably there’s a way to do that.)
(PS: I recommend using ‘example.com’ for your example domain. Someone could buy the one you’ve linked to and set up spam or malware or whatever, whereas example.[com|org|net] are officially reserved.)