Anticipated user flow

for the qc apps that we write, what are we expecting the flow to be for adding users and granting app access?
i’m thinking about messing around with writing a quickbooks online app. that would involve a user registering, before they have a username and password, providing various credentials, then completing an oauth2 flow/redirect before they could use the app.
that also means that i have to be able to retrieve and manage the rest of the url that hits the app, because there will be other data embedded in it.
in some cases, there might even be the need to spawn a separate instance of the app for their firm, before they could use it, which would wall off their data from everyone else’s.