Happy to help clarify. You say you "need to update contacts on the basis of logged in users of a website." Here's the use case I'm envisioning — please correct me if I've misunderstood something:
Someone visits your website and logs into their existing account. They updating some contact information, like their phone number. You then want this new phone number to update their corresponding HubSpot contact.
Is that right? If so, OAuth doesn't actually come in when that visitor logs in, and it doesn't matter that the visitor isn't actually a user in your account.
Instead, you would set up an app to process the information change and send it to HubSpot using — in the case above — the Contacts API (this endpoint would be one viable option to update a phone number).
To authenticate this call, you could either use your account's API key or set up an intermediary app and use it to authenticate with OAuth 2.0.
Please let me know if you have additional questions.