Auth: hbf-core-api

How this library handles authentication. Full flows: docs/architecture/auth-flows.md

This is a shared TypeScript client library, not a running service. It provides a typed HTTP client for calling hbf-core from NestJS backend services.

Tokens This Service Accepts

None. This is a library, not a service. It does not receive or validate tokens.

Tokens This Service Sends

Calling	Token used	How attached
hbf-core (all endpoints)	Bearer token passed at construction time: `new HBFCoreApi(url, token)`. Typically sourced from the calling service's `CORE_TOKEN` env var.	`Authorization: Bearer <token>` header on every request

Tokens This Service Issues

None.

Roles / Scopes Enforced

None. Role enforcement happens in hbf-core, not in this library.

Auth Notes

All NestJS services that need to call hbf-core depend on this library.
The HBFGuard used by downstream services calls /users/me through this library to validate the incoming user's token against hbf-core.
The token is set once at construction and reused for all requests. There is no built-in token refresh mechanism in the library itself.

Tokens This Service Accepts​

Tokens This Service Sends​

Tokens This Service Issues​

Roles / Scopes Enforced​

Auth Notes​

Tokens This Service Accepts

Tokens This Service Sends

Tokens This Service Issues

Roles / Scopes Enforced

Auth Notes