That does make sense; you're correct when you say that the OAuth2 flow is intended to install an integration to a portal. It's not intended to be a user-level login/authorization flow. Here's an example of the 'expected' flow, which I think will help clarify things:
Imagine I've created an integration between my app and HubSpot. For this example, imagine my app allows companies to upload cool images to their page, and also allows users to browse the images, 'like' their favorite ones, and even purchase prints. In this example, my integration would allow a company to integrate their account in my app with their HubSpot account. My integration with HubSpot might do any number of the following things:
- Create custom timeline events anytime a user 'liked' one of my pictures in my app
- Add a number of custom contact properties that stored information from my app (e.g. number of pictures 'liked', favorite picture category, etc.)
- Add a CRM Extension with various profile information and links to the contact's profile in my app
- Create a deal in HubSpot whenever a user purchases a print in my app
The important takeaway from this example is that each and every one of these features is a portal wide feature; if one single HubSpot user approves my integration, my app can now use the Timeline API, Contacts API, CRM Extensions API, and Deals API to do all of these things without any further intervention from other HubSpot users.
Because of this, any other HubSpot user that is working in the portal has access to any of these features, assuming they have access to the relevant HubSpot tool. If they have access to view a contact record, they can see the timeline events that appear on that contact's timeline. If they have access to view deals, they can see the deals created by my integration, and so on and so forth.
Without knowing exactly what your integration is doing, it's tough to say for sure what functionality from your app a 'typical' HubSpot user would have access to. I'd be happy to discuss that if you wanted to give some more details on the integration, though.