Organizations
Organization operations with client.organizations. The module covers
both server surfaces — the server gates each route:
- self-service (
get,update,listMembers, …) — requires org membership + the per-actionorg:*permission; - back-office (
adminGet,adminListMembers,addMember, …) —system_admin/super_admin, no membership needed.
Reference: OrganizationsModule ·
OrgMemberRecord
import { createAuthClient } from '@rw3iss/auth-client';
const client = createAuthClient({ apiBaseUrl: 'https://auth.ryanweiss.net/api/v1', appCode: 'auth-client-demo',});await client.ready();await client.auth.login({ email: 'admin@ryanweiss.net', password: '…' });Get organizations
const all = await client.organizations.list(); // every org (admin)const org = await client.organizations.get(orgId); // self-service (member)const o2 = await client.organizations.adminGet(orgId); // admin path (no membership)
// the signed-in user's OWN memberships (org-switcher data):const mine = await client.account.getMyOrgs();Create / update / delete
const org = await client.organizations.create({ name: 'Acme Auctions', slug: 'acme' });
await client.organizations.update(orgId, { name: 'Acme Inc.' }); // self-serviceawait client.organizations.adminUpdate(orgId, { name: 'Acme Inc.' }); // admin path
await client.organizations.delete(orgId);Membership
const members = await client.organizations.adminListMembers(orgId);
// Add an EXISTING user (gets the org_member fallback role).// For invite-by-email, use createInvitation below instead.await client.organizations.addMember(orgId, userId);
await client.organizations.updateMemberStatus(orgId, userId, 'suspended');await client.organizations.adminRemoveMember(orgId, userId);Set a member’s org roles
Org-scoped roles are a set per membership — setMemberRoles replaces
it (set semantics, org-scoped role codes only):
await client.organizations.setMemberRoles(orgId, userId, ['org_admin']);await client.organizations.setMemberRoles(orgId, userId, ['org_manager', 'seller']);Built-in org roles: org_admin, org_manager, seller, buyer,
org_member. Custom per-org roles work too:
const perms = await client.organizations.listAssignablePermissions(orgId);const role = await client.organizations.createRole(orgId, { code: 'catalog-editor', name: 'Catalog Editor', permission_codes: ['org:read', 'org:update'],});await client.organizations.setMemberRoles(orgId, userId, ['catalog-editor']);(Platform-wide roles are a different surface — see Users → Set a user’s roles.)
Invitations
Invite by email — the server creates the invitation and sends the email; the invitee accepts from their own session:
// org sideawait client.organizations.createInvitation(orgId, { email: 'teammate@example.com', role_ids: [roleId], // omit for org_member});const pending = await client.organizations.listInvitations(orgId);await client.organizations.revokeInvitation(orgId, pending[0].id);
// invitee side (their own client)const invites = await client.account.listMyInvitations();await client.account.acceptInvitation(invites[0].id);await client.auth.switchOrg(invites[0].organization_id); // scope the tokenSee also
OrganizationsModule— full method reference.- auth-server → How it works — the multi-tenant model and
org:*permission catalog.