@dave3 - once you have that bearer/access token (follow the impersonation docs), you can make REST API calls from your backend app. Scroll down to the section titled "Using an access token in a request" in the doc page I posted above. All requests sent using that auth token will be made on behalf of the user.
But our app may want to add a comment that the customer made on our app to Jira, and we would want it to come from that same user. How can I do a commentOnBehalfOf for that comment?
Keep in mind, the user may or may not have existed when I created the issue - I pass in an email address to raiseOnBehalfOf, and if the user is not already on service desk, an account will be created for them.