useActiveOrganization()
The useActiveOrganization() hook serves as a critical primitive for enforcing data isolation boundaries within segmented B2B architectures. It yields the specific Organization object contextually bound to the user’s active session.
This hook exposes the active organization’s unique identifier, custom metadata, and authorization evaluation functions, facilitating client-side access control checks.
Hook Import
import { useActiveOrganization } from "@wacht/tanstack-router";
Hook Interface
Boolean flag denoting the initialization readiness of the SDK concerning the organization context.
The fully hydrated Organization profile correlating to the actively selected tenant. Evaluates to null if no selection exists.
activeMembership
OrganizationMembershipWithOrganization | null
The authenticated user’s specific membership construct nested within the active organization parameter.
Captures network failures or processing exceptions encountered during the organization context initialization.
Triggers a manual network synchronization sequence for the active organization and membership data.
Organization Management Controls
updateOrganization
(payload: OrganizationUpdate) => Promise<ApiResult<Organization>>
Executes a partial modification of the active organization’s properties.
leave
() => Promise<ApiResult<void>>
Executes the resignation protocol for the currently active organization.
Member & Role Authorizations
getMembers
(params?: { page: number; limit: number; search?: string }) => Promise<ApiResult<PaginatedResponse<OrganizationMembership[]>>>
Retrieves a paginated matrix of identity memberships bound to the active organization.
removeMember
(member: OrganizationMembership) => Promise<void>
Detaches a specified member identity from the active organization.
getRoles
() => Promise<ApiResult<OrganizationRole[]>>
Retrieves the complete array of authorization roles configured within the organization.
removeRole
(role: OrganizationRole) => Promise<void>
Destroys an existing organizational role definition.
addMemberRole
(member: OrganizationMembership, role: OrganizationRole) => Promise<ApiResult<OrganizationMembership>>
Allocates a specific authorization role to a target member construct.
removeMemberRole
(member: OrganizationMembership, role: OrganizationRole) => Promise<ApiResult<OrganizationMembership>>
Revokes a specific authorization role assignment from a target member construct.
Invitation Interface
getInvitations
() => Promise<ApiResult<OrganizationInvitation[]>>
Retrieves the array of pending membership invitations associated with the active organization.
inviteMember
(payload: OrganizationInvitationPayload) => Promise<ApiResult<OrganizationInvitation>>
Dispatches a new membership invitation to external identities via defined communication channels.
resendInvitation
(invitation: OrganizationInvitation) => Promise<ApiResult<OrganizationInvitation>>
Retransmits an outstanding invitation dispatch.
discardInvitation
(invitation: OrganizationInvitation) => Promise<ApiResult<OrganizationInvitation>>
Revokes and nullifies a pending invitation payload.
getDomains
() => Promise<ApiResult<OrganizationDomain[]>>
Retrieves the verified and pending domain constraints linked to the active organization.
addDomain
(domain: NewDomain) => Promise<ApiResult<OrganizationDomain>>
Registers a new custom domain identity for organizational mapping constraints.
verifyDomain
(domain: OrganizationDomain) => Promise<ApiResult<OrganizationDomain>>
Initiates the DNS verification sequence for an existing unverified domain record.
removeDomain
(domain: OrganizationDomain) => Promise<ApiResult<OrganizationDomain>>
Removes a custom domain mapping from the organization.
Enterprise Single Sign-On Integrations
getEnterpriseConnections
() => Promise<ApiResult<EnterpriseConnection[]>>
Retrieves the active SAML/OIDC enterprise federation mappings for the active organization.
createEnterpriseConnection
(payload: CreateEnterpriseConnectionPayload) => Promise<ApiResult<EnterpriseConnection>>
Initializes a novel enterprise SSO federation link.
updateEnterpriseConnection
(connectionId: string, payload: UpdateEnterpriseConnectionPayload) => Promise<ApiResult<EnterpriseConnection>>
Modifies existing enterprise SSO configuration parameters.
testEnterpriseConnectionConfig
(payload: TestPayload) => Promise<ApiResult<TestResult>>
Executes validation tests against a provided SSO configuration schema prior to commitment.
testEnterpriseConnection
(connectionId: string) => Promise<ApiResult<TestResult>>
Executes validation tests against an established enterprise connection.
deleteEnterpriseConnection
(connectionId: string) => Promise<void>
Destroys an enterprise connection federation link.
SCIM Directory Synchronizations
getSCIMToken
(connectionId: string) => Promise<ApiResult<SCIMTokenInfo>>
Retrieves metadata pertaining to the active SCIM provisioning authorization token limit.
generateSCIMToken
(connectionId: string) => Promise<ApiResult<SCIMTokenInfo>>
Mints a novel SCIM directory provisioning token payload.
revokeSCIMToken
(connectionId: string) => Promise<void>
Revokes the authorization payload for the SCIM provisioning token instantly.
Implementation Guidelines
Accessing Top-Level Organization Parameters
The activeOrganization construct supplies the context required for rendering tenant-specific branding elements and interface parameters dynamically.
import { useActiveOrganization } from "@wacht/tanstack-router";
export function TenancyDashboardHeader() {
  const { loading, activeOrganization } = useActiveOrganization();
  if (loading) return null;
  // Utilize fallback interface structures if the user has not confirmed an organization selection context.
  if (!activeOrganization) {
    return <h1 className="font-medium text-gray-800 tracking-tight">Personal Workspace Context</h1>;
  }
  return (
    <header className="flex items-center gap-4">
      {activeOrganization.image && (
        <img src={activeOrganization.image as string} className="w-8 h-8 rounded-md" alt="Organization Brand Logo" />
      )}
      <h1 className="text-2xl font-semibold tracking-tight text-gray-900 border-b border-gray-100 pb-2">
        {activeOrganization.name} Context
      </h1>
    </header>
  );
}
Client-Side Authorization Modeling (RBAC)
Interface elements invoking destructive mutations (e.g., resource deletion, billing manipulation) must be programmatically restricted to users possessing explicit role assignments. The activeMembership.roles construct furnishes the arrays necessary to evaluate authorization checks.
[!WARNING]
Client-side RBAC evaluations dictate interface rendering logic but do not enforce absolute security boundaries. System integrity necessitates comprehensive policy verification explicitly executed upon the backend server infrastructure utilizing the RequireAuth mechanisms prior to database modification events.
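A fail-closed role gate for the client-side check described above, as an added example that is not part of the Wacht SDK or the original page. The `name` field on a role, the `error` field name, and the sample role names are assumptions, since the page does not show them.

```typescript
// Added example. Minimal structural shapes; `name` on a role and the `error`
// field name are assumptions, not taken from the SDK's published types.
interface RoleLike { name: string }
interface MembershipLike { roles?: RoleLike[] | null }

// Subset of what useActiveOrganization() is described as returning.
interface OrgContextLike {
  loading: boolean;
  error?: unknown;
  activeOrganization: object | null;
  activeMembership: MembershipLike | null;
}

type GateDecision = { allowed: boolean; reason: string };

// Decide whether a destructive control may be rendered. Every uncertain state
// (still loading, fetch error, no tenant, no membership, empty roles) denies,
// so a slow or failed context load never briefly exposes the control.
function gateDestructiveAction(
  ctx: OrgContextLike,
  allowedRoleNames: readonly string[],
): GateDecision {
  if (ctx.loading) return { allowed: false, reason: "loading" };
  if (ctx.error) return { allowed: false, reason: "context-error" };
  if (!ctx.activeOrganization) return { allowed: false, reason: "no-organization" };

  const roles = ctx.activeMembership?.roles;
  if (!Array.isArray(roles) || roles.length === 0) {
    return { allowed: false, reason: "no-roles" };
  }

  // Exact, case-sensitive match against an explicit allowlist. No prefix or
  // substring matching, so "admin-readonly" never satisfies "admin".
  const allowed = new Set(allowedRoleNames);
  const hit = roles.some((r) => typeof r?.name === "string" && allowed.has(r.name));
  return hit
    ? { allowed: true, reason: "role-match" }
    : { allowed: false, reason: "role-missing" };
}
```

In a component, pass the hook's return value to `gateDestructiveAction` and render the destructive control only when `allowed` is true. The decision only hides or shows interface elements; the backend still has to authorize the request itself.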