Skip to content

togo-framework/auth-platform

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

togo

togo-framework/auth-platform

marketplace pkg.go.dev MIT

Organizations & teams for togo — multi-tenant auth with per-org roles, invites & branding.

Install

togo install togo-framework/auth-platform

auth-platform adds the organization / team layer on top of the togo auth plugin — what Fort calls platforms and Laravel Jetstream calls teams. Users join orgs as members with a per-org role, are added by email invite, and every request is scoped to a current org (resolved from a header, subdomain, or claim). Each org carries its own settings and branding. It composes with auth but works standalone.

Usage

import authplatform "github.com/togo-framework/auth-platform"

s, _ := authplatform.FromKernel(k)

// Create an org (the creator becomes the owner).
org, _ := s.CreateOrg("Acme Inc", "", ownerID)

// Invite by email, accept by token.
inv, _ := s.Invite(org.ID, "jane@acme.com", authplatform.RoleAdmin)
s.Accept(inv.Token, janeUserID)

// Roles & gating.
s.HasRole(org.ID, janeUserID, authplatform.RoleAdmin) // true
s.SetRole(org.ID, janeUserID, authplatform.RoleMember)

// Org switcher + per-org settings/branding.
orgs := s.OrgsForUser(userID)
s.SetSetting(org.ID, "feature.beta", true)
s.SetBranding(org.ID, authplatform.Branding{PrimaryColor: "#2C7BE2", LogoURL: "/logo.svg"})

Request scoping

// Resolve the current org from X-Org-Id / ?org= / subdomain, then read it anywhere.
router.Use(s.ResolveOrg)
orgID := authplatform.OrgID(ctx)
org, _ := s.CurrentOrg(ctx)

// Gate a route by org role (403 otherwise).
router.With(s.RequireOrgRole(authplatform.RoleAdmin)).Post("/api/billing", handler)

Roles

owner > admin > member (ranked — RequireOrgRole(admin) is satisfied by owners). Custom role strings are allowed and matched by exact name.

REST API

Method Path Purpose
GET /api/orgs orgs the current user belongs to (switcher)
POST /api/orgs create an org (creator = owner)
GET/PATCH/DELETE /api/orgs/{id} read / update branding+settings / delete
GET /api/orgs/{id}/members list members
POST /api/orgs/{id}/invites invite by email + role
POST /api/org-invites/accept accept an invite token

The current user is read from the auth context (or X-User-Id for standalone use).

Configuration

No required env. Data is held in a bounded in-memory store behind a small interface — back it with a database for persistence in production.


Premium sponsors

ID8 Media  ·  One Studio

Support togo — become a sponsor.

About

togo organizations & teams — multi-tenant auth with per-org roles, invites & branding

Topics

Resources

License

Stars

Watchers

Forks

Sponsor this project

 

Packages

 
 
 

Contributors

Languages