...
Short/Intermediate solution:
The userservice gets a route (secured with JWT) for sending emails to a specific user. The deckservice get a new route (secured with JWT) for managing edit right requests, which is called by the platform . The platform acts as a coordinator and uses the userservice to send emails . This could not done by the platform because first of all the platform does not have all the data needed (like email of the deck owner) and second of all its not the domain of the platformplus the deckservice to manage rights requests.
The email will be send to the deck owner and will contain a link for adding the user as a editor. The links directs to the deck edit view but with query parameters which will trigger rights checking and asks via a modal if the user should be added as editor.
Final version:
Kostis and Kurt already discussed the perfect workflow, here is a summary:
...