@sean-hogan2,

Welcome to the FusionAuth Community!

I want to avoid giving too specific advice on architecture in our community forums, but what you have outlined here certainly seems plausible, at least at first pass. Could you elaborate a bit on what you mean regarding 'shell objects for the users'? I will also see if my colleagues have any other feedback for you. If they do, I will be sure to pass it along here.

Regarding the user object, you have the ability to set up a lambda function to add custom functionality.
One can make any number of custom claims on the user object to help you facilitate what you are trying to create (re: 'parameterize the templates'). A good example of this can be found here.

In addition to lambdas, FusionAuth also has significant extensibility through its external identity providers, connectors, and API's which you can mold to your use case. As an aside, if it is possible to do in FusionAuth, it will most certainly be doable through our APIs (some of our customers don't even really use the UI).

I hope this helps!

Thanks,
Josh