@auth0/myorganization-js

v1.0.1

Published

a month ago

Auth0 SDK for JavaScript/TypeScript to manage organizations, members, roles, and identity providers

Release

📚 Documentation - 🚀 Getting Started - 💻 API Reference - � Examples - 💬 Feedback

Documentation

Docs Site - explore our docs site and learn more about Auth0
API Reference - full reference for this library
Framework Examples - production-ready examples for Express, Node.js, React, and vanilla JavaScript

Getting started

Requirements

This library supports the following tooling versions:

Node.js: 20 or higher

Installation

Using npm in your project directory run the following command:

npm install @auth0/myorganization-js

Configure the SDK

The MyOrganization client allows you to manage Auth0 Organizations, including Organization details, domains, identity providers, and configuration.

Initialize your client with a domain and token supplier:

import { MyOrganizationClient } from "@auth0/myorganization-js";

const client = new MyOrganizationClient({
    domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    token: "YOUR_ACCESS_TOKEN", // or use a token supplier function
});

Using a token supplier

For dynamic token retrieval (recommended for production):

import { MyOrganizationClient } from "@auth0/myorganization-js";

const client = new MyOrganizationClient({
    domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    token: async ({ scope }) => {
        // Fetch token with required scopes
        return await getAccessToken({
            scope: `openid profile email ${scope}`,
        });
    },
});

Using a custom fetcher

For advanced authentication scenarios:

import { MyOrganizationClient } from "@auth0/myorganization-js";

const client = new MyOrganizationClient({
    domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    fetcher: async (url, init, authParams) => {
        const token = await getAccessToken({ scope: authParams?.scope });
        return fetch(url, {
            ...init,
            headers: {
                ...init?.headers,
                Authorization: `Bearer ${token}`,
            },
        });
    },
});

Server-side authentication

For server-side applications, you can use the client credentials flow with a helper function that automatically handles token management:

Using Client Credentials with Client Secret

import { createMyOrganizationClientWithClientCredentials } from "@auth0/myorganization-js/server";

const client = createMyOrganizationClientWithClientCredentials(
    {
        domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    },
    {
        clientId: "YOUR_CLIENT_ID",
        clientSecret: "YOUR_CLIENT_SECRET",
        organization: "org_123456789",
    },
);

Using Client Credentials with Private Key JWT

For enhanced security using private key JWT:

import { createMyOrganizationClientWithClientCredentials } from "@auth0/myorganization-js/server";

const client = createMyOrganizationClientWithClientCredentials(
    {
        domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    },
    {
        clientId: "YOUR_CLIENT_ID",
        privateKey: "YOUR_PRIVATE_KEY",
        organization: "org_123456789",
    },
);

Manual token provider setup

For more control, you can manually configure the token provider:

import { MyOrganizationClient, ClientCredentialsTokenProvider } from "@auth0/myorganization-js/server";

const tokenProvider = new ClientCredentialsTokenProvider({
    domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    clientId: "YOUR_CLIENT_ID",
    clientSecret: "YOUR_CLIENT_SECRET",
    organization: "org_123456789",
    audience: "https://api.example.com", // optional custom audience
});

const client = new MyOrganizationClient({
    domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    tokenProvider,
});

Security Warning: Server-side authentication methods should only be used in secure server environments where client secrets and private keys can be safely stored. Never expose these credentials in browser or SPA applications.

Request and response types

The SDK exports all request and response types as TypeScript interfaces. You can import them directly:

import { MyOrganizationClient, MyOrganization } from "@auth0/myorganization-js";

const client = new MyOrganizationClient({
    domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    token: "YOUR_ACCESS_TOKEN",
});

// Use the request type
const request: MyOrganization.CreateOrganizationDomainRequestContent = {
    domain: "acme.com",
};

await client.organization.domains.create(request);

API reference

Generated documentation

Full Reference - complete API reference guide

Key classes

MyOrganizationClient - for managing Organization details, domains, identity providers, and configuration

Framework examples

Comprehensive examples demonstrating how to use the MyOrganization SDK across different frameworks:

🚀 Server-side

Express TypeScript - Core Organization management REST API with domain and identity provider workflows
Node.js TypeScript - CLI tools and automation scripts
Node.js JavaScript - Vanilla JavaScript scripts and automation tasks

🌐 Client-side

React SPA - React application with Auth0 React SDK integration and custom hooks
Vanilla JavaScript SPA - Pure JavaScript SPA with Auth0 SPA JS integration

Each example includes:

✅ Complete setup instructions
✅ Environment configuration templates
✅ Production-ready patterns
✅ Comprehensive error handling
✅ All SDK features demonstrated

Quick start:

cd examples/[example-name]
npm install
cp .env.example .env
# Configure .env with your Auth0 credentials
npm run dev

Key patterns

Server-side (Express, Node.js):

import { createMyOrganizationClientWithClientCredentials } from "@auth0/myorganization-js/server";

const client = createMyOrganizationClientWithClientCredentials(
    { domain: "tenant.auth0.com" },
    {
        clientId: "YOUR_CLIENT_ID",
        clientSecret: "YOUR_CLIENT_SECRET",
        organization: "org_123456789",
    },
);

Client-side (React, SPA) with automatic scope injection:

import { MyOrganizationClient } from "@auth0/myorganization-js";

const client = new MyOrganizationClient({
    domain: "tenant.auth0.com",
    // SDK automatically passes required scopes for each API call
    token: async ({ scope }) => {
        return await auth0.getTokenSilently({
            authorizationParams: {
                scope: `openid profile email ${scope}`,
                organization: "org_123456789",
            },
        });
    },
});

View all examples →

Exception handling

When the API returns a non-success status code (4xx or 5xx response), a subclass of the following error will be thrown:

import { MyOrganizationClient, MyOrganizationError } from "@auth0/myorganization-js";

const client = new MyOrganizationClient({
    domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    token: "YOUR_ACCESS_TOKEN",
});

try {
    await client.organization.domains.create({
        domain: "acme.com",
    });
} catch (err) {
    if (err instanceof MyOrganizationError) {
        console.log(err.statusCode);
        console.log(err.message);
        console.log(err.body);
        console.log(err.rawResponse);
    }
}

Advanced

Additional headers

If you would like to send additional headers as part of the request, use the headers request option:

const response = await client.organization.domains.create(
    {
        domain: "acme.com",
    },
    {
        headers: {
            "X-Custom-Header": "custom value",
        },
    },
);

Additional query string parameters

If you would like to send additional query string parameters as part of the request, use the queryParams request option:

const response = await client.organization.domains.create(
    {
        domain: "acme.com",
    },
    {
        queryParams: {
            customQueryParamKey: "custom query param value",
        },
    },
);

Retries

The SDK is instrumented with automatic retries with exponential backoff. A request will be retried as long as the request is deemed retryable and the number of retry attempts has not grown larger than the configured retry limit (default: 2).

A request is deemed retryable when any of the following HTTP status codes is returned:

408 (Timeout)
429 (Too Many Requests)
5XX (Internal Server Errors)

Use the maxRetries request option to configure this behavior:

const response = await client.organization.domains.create(
    {
        domain: "acme.com",
    },
    {
        maxRetries: 0, // override maxRetries at the request level
    },
);

Timeouts

The SDK defaults to a 60 second timeout. Use the timeoutInSeconds option to configure this behavior:

const response = await client.organization.domains.create(
    {
        domain: "acme.com",
    },
    {
        timeoutInSeconds: 30, // override timeout to 30s
    },
);

Aborting requests

The SDK allows users to abort requests at any point by passing in an abort signal:

const controller = new AbortController();
const response = await client.organization.domains.create(
    {
        domain: "acme.com",
    },
    {
        abortSignal: controller.signal,
    },
);
controller.abort(); // aborts the request

Logging

The SDK includes built-in logging that can help with debugging. By default, logging is silent. You can enable it by passing a logging configuration when creating the client:

const client = new MyOrganizationClient({
    domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    token: "YOUR_ACCESS_TOKEN",
    logging: {
        level: "debug",
        silent: false,
    },
});

When enabled at debug level, the SDK logs HTTP request and response details including method, URL, status code, and headers. Sensitive information (authorization headers, API keys, tokens in query parameters) is automatically redacted.

Log levels

The available log levels in order of verbosity are:

debug - HTTP request/response details
info - General operational information
warn - Warning messages
error - Failed HTTP requests and errors

Custom logger

You can provide your own logger implementation that satisfies the ILogger interface:

const client = new MyOrganizationClient({
    domain: "{YOUR_TENANT_AND_REGION}.auth0.com",
    token: "YOUR_ACCESS_TOKEN",
    logging: {
        level: "debug",
        silent: false,
        logger: {
            debug: (message, ...args) => myLogger.debug(message, ...args),
            info: (message, ...args) => myLogger.info(message, ...args),
            warn: (message, ...args) => myLogger.warn(message, ...args),
            error: (message, ...args) => myLogger.error(message, ...args),
        },
    },
});

Access raw response data

The SDK provides access to raw response data, including headers, through the .withRawResponse() method. The .withRawResponse() method returns a promise that results to an object with a data and a rawResponse property:

const { data, rawResponse } = await client.organization.domains
    .create({
        domain: "acme.com",
    })
    .withRawResponse();

console.log(data);
console.log(rawResponse.headers["X-My-Header"]);

Runtime compatibility

The SDK works in the following runtimes:

Node.js 20 or higher
Vercel
Cloudflare Workers
Deno v1.25+
Bun 1.0+
React Native

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

While we value open-source contributions to this SDK, this library is generated programmatically. Additions made directly to this library would have to be moved over to our generation code, otherwise they would be overwritten upon the next generated release. Feel free to open a PR as a proof of concept, but know that we will not be able to merge it as-is. We suggest opening an issue first to discuss with us!

On the other hand, contributions to the README are always very welcome!

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.