Skip to content
rw3iss Auth

Organizations

Organization operations with client.organizations. The module covers both server surfaces — the server gates each route:

  • self-service (get, update, listMembers, …) — requires org membership + the per-action org:* permission;
  • back-office (adminGet, adminListMembers, addMember, …) — system_admin / super_admin, no membership needed.

Reference: OrganizationsModule · OrgMemberRecord

import { createAuthClient } from '@rw3iss/auth-client';
const client = createAuthClient({
apiBaseUrl: 'https://auth.ryanweiss.net/api/v1',
appCode: 'auth-client-demo',
});
await client.ready();
await client.auth.login({ email: 'admin@ryanweiss.net', password: '…' });

Get organizations

const all = await client.organizations.list(); // every org (admin)
const org = await client.organizations.get(orgId); // self-service (member)
const o2 = await client.organizations.adminGet(orgId); // admin path (no membership)
// the signed-in user's OWN memberships (org-switcher data):
const mine = await client.account.getMyOrgs();

Create / update / delete

const org = await client.organizations.create({ name: 'Acme Auctions', slug: 'acme' });
await client.organizations.update(orgId, { name: 'Acme Inc.' }); // self-service
await client.organizations.adminUpdate(orgId, { name: 'Acme Inc.' }); // admin path
await client.organizations.delete(orgId);

Membership

const members = await client.organizations.adminListMembers(orgId);
// Add an EXISTING user (gets the org_member fallback role).
// For invite-by-email, use createInvitation below instead.
await client.organizations.addMember(orgId, userId);
await client.organizations.updateMemberStatus(orgId, userId, 'suspended');
await client.organizations.adminRemoveMember(orgId, userId);

Set a member’s org roles

Org-scoped roles are a set per membership — setMemberRoles replaces it (set semantics, org-scoped role codes only):

await client.organizations.setMemberRoles(orgId, userId, ['org_admin']);
await client.organizations.setMemberRoles(orgId, userId, ['org_manager', 'seller']);

Built-in org roles: org_admin, org_manager, seller, buyer, org_member. Custom per-org roles work too:

const perms = await client.organizations.listAssignablePermissions(orgId);
const role = await client.organizations.createRole(orgId, {
code: 'catalog-editor',
name: 'Catalog Editor',
permission_codes: ['org:read', 'org:update'],
});
await client.organizations.setMemberRoles(orgId, userId, ['catalog-editor']);

(Platform-wide roles are a different surface — see Users → Set a user’s roles.)

Invitations

Invite by email — the server creates the invitation and sends the email; the invitee accepts from their own session:

// org side
await client.organizations.createInvitation(orgId, {
email: 'teammate@example.com',
role_ids: [roleId], // omit for org_member
});
const pending = await client.organizations.listInvitations(orgId);
await client.organizations.revokeInvitation(orgId, pending[0].id);
// invitee side (their own client)
const invites = await client.account.listMyInvitations();
await client.account.acceptInvitation(invites[0].id);
await client.auth.switchOrg(invites[0].organization_id); // scope the token

See also