useActiveOrganization()The useActiveOrganization() hook is arguably the most critical hook for maintaining data isolation in a B2B application. It retrieves the specific Organization object that the user has currently selected within their session context.
It provides immediate access to the organization’s unique ID, its custom metadata, and—most importantly—provides rigorous utility functions for enforcing authorization gates on the frontend.
Import import { useActiveOrganization } from "@wacht/react-router" ;
Anatomy Boolean indicating SDK readiness.
The complete initialized Organization profile of the currently active tenant.
activeMembership
OrganizationMembershipWithOrganization | null
The current user’s specific membership context within the active organization.
Any error encountered during organization initialization.
Manually triggers a re-fetch of the active organization and membership data.
Show Organization functions
updateOrganization
(payload: OrganizationUpdate) => Promise<ApiResult<Organization>>
Updates basic properties of the active organization.
leave
() => Promise<ApiResult<void>>
Leaves the currently active organization.
getMembers
(params?: { page: number; limit: number; search?: string }) => Promise<ApiResult<PaginatedResponse<OrganizationMembership[]>>>
Fetches paginated list of members for the active organization.
removeMember
(member: OrganizationMembership) => Promise<void>
Removes a member from the active organization.
getRoles
() => Promise<ApiResult<OrganizationRole[]>>
Retrieves all roles available in the organization.
removeRole
(role: OrganizationRole) => Promise<void>
Deletes a role from the active organization.
addMemberRole
(member: OrganizationMembership, role: OrganizationRole) => Promise<ApiResult<OrganizationMembership>>
Assigns a role to a specific member within the active organization.
removeMemberRole
(member: OrganizationMembership, role: OrganizationRole) => Promise<ApiResult<OrganizationMembership>>
Removes a role from a specific member.
Show Invitation functions
getInvitations
() => Promise<ApiResult<OrganizationInvitation[]>>
Fetches pending invitations for the active organization.
inviteMember
(payload: OrganizationInvitationPayload) => Promise<ApiResult<OrganizationInvitation>>
Invites a new member to the active organization via email.
resendInvitation
(invitation: OrganizationInvitation) => Promise<ApiResult<OrganizationInvitation>>
Resends an outstanding invitation email.
discardInvitation
(invitation: OrganizationInvitation) => Promise<ApiResult<OrganizationInvitation>>
Revokes a pending invitation.
getDomains
() => Promise<ApiResult<OrganizationDomain[]>>
Retrieves domains linked to the active organization.
addDomain
(domain: NewDomain) => Promise<ApiResult<OrganizationDomain>>
Adds a new custom domain for organizational identity.
verifyDomain
(domain: OrganizationDomain) => Promise<ApiResult<OrganizationDomain>>
Triggers DNS verification for an added domain.
removeDomain
(domain: OrganizationDomain) => Promise<ApiResult<OrganizationDomain>>
Removes a custom domain.
Enterprise Connections (SSO)
getEnterpriseConnections
() => Promise<ApiResult<EnterpriseConnection[]>>
Lists active SAML/OIDC enterprise connections for the active organization.
createEnterpriseConnection
(payload: CreateEnterpriseConnectionPayload) => Promise<ApiResult<EnterpriseConnection>>
Establishes a new enterprise SSO connection.
updateEnterpriseConnection
(connectionId: string, payload: UpdateEnterpriseConnectionPayload) => Promise<ApiResult<EnterpriseConnection>>
Updates enterprise SSO settings.
testEnterpriseConnectionConfig
(payload: TestPayload) => Promise<ApiResult<TestResult>>
Tests SSO capabilities of a provided configuration.
testEnterpriseConnection
(connectionId: string) => Promise<ApiResult<TestResult>>
Tests an existing enterprise connection.
deleteEnterpriseConnection
(connectionId: string) => Promise<void>
Removes an enterprise connection.
getSCIMToken
(connectionId: string) => Promise<ApiResult<SCIMTokenInfo>>
Retrieves the active SCIM provisioning token information.
generateSCIMToken
(connectionId: string) => Promise<ApiResult<SCIMTokenInfo>>
Generates a new SCIM provisioning token.
revokeSCIMToken
(connectionId: string) => Promise<void>
Revokes the SCIM provisioning token instantly.
Usage: Accessing Basic Org Data You can use the organization object to stamp your UI with tenant-specific branding.
import { useActiveOrganization } from "@wacht/react-router" ; export function TeamDashboardHeader () { const { loading , activeOrganization } = useActiveOrganization (); if ( loading ) return null ; // Fallback UI if the user hasn't selected a team if ( ! activeOrganization ) { return < h1 > Personal Dashboard </ h1 > ; } return ( < header className = "flex items-center gap-3" > { activeOrganization . image && ( < img src = { activeOrganization . image as string } className = "w-8 h-8 rounded-md" alt = "Logo" /> ) } < h1 className = "text-2xl font-bold tracking-tight text-zinc-900" > { activeOrganization . name } Workspace </ h1 > </ header > ); }
Client-Side Authorization (RBAC) When building complex interfaces, certain destructive actions (like deleting a project or changing billing details) should only be accessible to users with specific roles.
You can leverage the activeMembership.roles array or the global JWT session permissions to evaluate a user’s rights against the active organizational context.
[!WARNING]
Client-side RBAC checks are excellent for UI/UX (hiding buttons or panels), but they are not a secure barrier. You must always re-verify permissions on your backend server by executing RequireAuth before executing destructive mutations to the database.
