Welcome to the Auth0 Community!
Thank you for posting your question.
> I would like to add users to organisations and limit what a user can do using the organisation she is a member of. For example, when requesting a list I would like to ensure that the query response uses the organisation settings to limit what is returned to what is in the user's organisation.
You can achieve the mentioned results with the usage of organizations with role-based access control. Here are a few links that can help you:
- Role-Based Access Control
- What is Role-Based Access Control (RBAC)? - Auth0
- Enable Role-Based Access Control for APIs
- Adding RBAC Permissions to Access Tokens
- How to Create a Paywall or Restrict Usage to an App for Subscribed Users Only
> Second, OpenAI has service account tokens that can be requested once you are signed in to the application. The tokens are shown only once and are throwaway. They don't expire, which makes it convenient to use them in m2m communication.
The maximum you can set an access token lifetime to is 30 days → Update Access Token Lifetime
Thanks
Dawid
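One way to enforce the organisation scoping discussed above on the API side, as an added example that is not from this thread or from Auth0's SDKs. It assumes the access token has already been verified (signature, issuer, audience, expiry) by the JWT middleware in front of it, and that the token carries Auth0's `org_id` claim (set when the login went through an Organization) and the `permissions` claim (present when "Add Permissions in the Access Token" is enabled for the API).

```javascript
// Added example, not Auth0's code. Authorize a request from the claims of
// an already-verified Auth0 access token and scope the query to the
// caller's organization. Assumed claim names: "org_id" and "permissions".

// Constructed sample data: records owned by two organizations.
const ITEMS = [
  { id: 1, org_id: "org_acme", name: "Acme report" },
  { id: 2, org_id: "org_globex", name: "Globex report" },
  { id: 3, org_id: "org_acme", name: "Acme invoice" },
];

class AuthzError extends Error {
  constructor(status, message) {
    super(message);
    this.status = status;
  }
}

// Returns only the records the caller may see. The organization comes
// from the token, never from a query parameter the client controls
// (filtering by a client-supplied ?org=... would let a user of one
// organization read another organization's records).
function listItemsForCaller(claims, records = ITEMS) {
  const orgId = claims.org_id;
  if (typeof orgId !== "string" || orgId.length === 0) {
    // Fail closed: a token without an org context gets nothing.
    throw new AuthzError(403, "token has no org_id claim");
  }
  const permissions = Array.isArray(claims.permissions) ? claims.permissions : [];
  if (!permissions.includes("read:items")) {
    // RBAC check: the role assigned within the organization must grant it.
    throw new AuthzError(403, "missing permission read:items");
  }
  return records.filter((r) => r.org_id === orgId);
}

// Constructed claims, shaped like a decoded Auth0 access token.
const acmeReader = { sub: "auth0|u1", org_id: "org_acme", permissions: ["read:items"] };
const noOrg = { sub: "auth0|u2", permissions: ["read:items"] };

console.log(listItemsForCaller(acmeReader).map((r) => r.name));
```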