Skip to main content

Auth: hbf-reports

How this service handles authentication. Full flows: docs/architecture/auth-flows.md

Tokens This Service Accepts

Token type	Where validated	Guard / middleware
User JWT	hbf-core `/users/me`	HBFGuard

Tokens This Service Sends

Calling	Token used	How attached
hbf-core	`CORE_TOKEN`	`Authorization: Bearer <CORE_TOKEN>` header

Tokens This Service Issues

None.

Roles / Scopes Enforced

Endpoint pattern	Required role
Report endpoints	`HBF_ORG_ADMIN` (via AdminOrgRoleGuard)
Export endpoints	`HBF_ORG_ADMIN` + export permission (via ExportGuard)

Auth Notes

HBFGuard delegates token validation to hbf-core by calling /users/me.
AdminOrgRoleGuard requires the HBF_ORG_ADMIN role for all report access.
ExportGuard adds an additional permission check on top of the admin role, specific to export operations.
Config: CORE_URL, CORE_TOKEN.

Tokens This Service Accepts
Tokens This Service Sends
Tokens This Service Issues
Roles / Scopes Enforced
Auth Notes