Understanding user to organization invitation flow in my architecture

Hi there,

I’m currently in the process of implementing Auth0 for an application that we’re potentially planning to offer as a SaaS product. As this is my first time designing such a system, I would appreciate any corrections or insights if you find any misunderstandings in my design decisions or process.

Our system is designed with:

  • A Spring Boot Backend configured as a Resource Server (Auth0 API Application)
  • A management web UI likely to be developed with AngularJS (SPA Application)
  • A mobile (iOS) client application that interacts with the backend API (Native Application)

We are planning to leverage Auth0 organizations to represent our customers. Therefore, for a user to log in successfully, they must be a member of an organization - this part is already functional.

The customer onboarding process is handled by our backend API, which uses the Management API to invite a primary admin user to the new organization. This new admin user should then be able to invite other members to their organization using the “create invitations to organizations” API.

When our backend receives a request, Spring checks the JWT and sets the user in the security context. We retrieve the Auth0 user ID and email from the token (if they don’t exist yet) and save them to our database. This way, we can implement application-specific roles as there will be teams, projects, and specific roles in those contexts.

Is this approach feasible? I’ve developed a proof-of-concept solution that seems to work. However, I’m having difficulty fully testing the invite to organization process locally. Is it possible to test this process without setting an actual Application Login URI?

I’m also unsure of how the URI should be structured with my setup. Should the iOS app and SPA have different URLs? Should both point to an SPA route that reads the invitation and organization parameter, then redirects to the /authorize endpoint?

Apologies for the broad nature of my question. However, I’d greatly appreciate any advice on how I should integrate the invite to organization workflow into my architecture, along with any general guidance for the project.

Thank you for your time!
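To make the SPA-route question concrete, here is an added example (not code from the original post or from Auth0) of what an invitation-accepting route has to do: read the `invitation`, `organization` and `organization_name` query parameters Auth0 appends to the Application Login URI, validate them, and forward `invitation` and `organization` to `/authorize`. The tenant domain, client ID, redirect URI and the `/accept-invite` route are hypothetical placeholders; with the Auth0 SPA SDK the same two values would be passed as `authorizationParams` to `loginWithRedirect`, which also handles PKCE and `state` for you.

```javascript
// Added example: SPA side of the Auth0 organization invitation flow.
// The e-mail link points at the Application Login URI with `invitation`,
// `organization` and `organization_name` query parameters. The SPA reads
// them and forwards `invitation` + `organization` to /authorize so the user
// is authenticated and joined to the organization in one round trip.
// Domain, client ID, redirect URI and route below are placeholders.

const AUTH0_DOMAIN = "example-tenant.us.auth0.com";      // placeholder tenant
const CLIENT_ID = "SPA_CLIENT_ID_PLACEHOLDER";            // placeholder client
const REDIRECT_URI = "https://app.example.com/callback";  // placeholder callback

// Parse the parameters Auth0 appends to the Application Login URI.
// Returns null when the link is incomplete or the organization value does
// not look like an Auth0 org ID (assumed here to match "org_" + alphanumerics),
// so the route falls back to normal login instead of forwarding junk.
function parseInvitationLink(href) {
  const url = new URL(href);
  const invitation = url.searchParams.get("invitation");
  const organization = url.searchParams.get("organization");
  const organizationName = url.searchParams.get("organization_name");
  if (!invitation || !organization || !/^org_[A-Za-z0-9]+$/.test(organization)) {
    return null;
  }
  return { invitation, organization, organizationName };
}

// Build the /authorize request that accepts the invitation. `state` is a
// per-login random value the callback route compares against session storage
// to reject forged callbacks. PKCE (code_challenge) is omitted for brevity;
// the Auth0 SPA SDK adds it when loginWithRedirect is used.
function buildInvitationAuthorizeUrl(invite, state) {
  const url = new URL(`https://${AUTH0_DOMAIN}/authorize`);
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("redirect_uri", REDIRECT_URI);
  url.searchParams.set("scope", "openid profile email");
  url.searchParams.set("organization", invite.organization);
  url.searchParams.set("invitation", invite.invitation);
  url.searchParams.set("state", state);
  return url.toString();
}

// Constructed sample of the link Auth0 would send in the invitation e-mail.
const sampleLink = "https://app.example.com/accept-invite" +
  "?invitation=INV_CODE_PLACEHOLDER&organization=org_abc123XYZ&organization_name=acme";
const parsed = parseInvitationLink(sampleLink);
if (parsed) {
  console.log(buildInvitationAuthorizeUrl(parsed, "state-placeholder"));
}
```

Because the route only depends on the query string, it can be exercised locally by opening the route with hand-built parameters and checking the generated `/authorize` URL, independently of the Application Login URI configured in the tenant.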