Hellmade.ServiceAccess.Client

Client package for checking user access to a service via Hub.

Purpose

centralize Hub permissions/check API calls
provide short-lived caching for resilience
keep per-service integration minimal and consistent

Interface

IServiceAccessAuthorizer
- HasAccessAsync(externalUserId, serviceKey, bearerToken, cancellationToken)

DI wiring

services.AddHubServiceAccessAuthorizer(options =>
{
    options.HubApiBaseUrl = "https://hub-api.internal";
    options.CacheSeconds = 120;
    options.FailOpenWithCachedValue = true;
});

Middleware usage example

var externalUserId = context.User.FindFirstValue("sub");
var bearerToken = context.Request.Headers.Authorization.ToString().Replace("Bearer ", "");

var hasAccess = await authorizer.HasAccessAsync(
    externalUserId!,
    "my-service-key",
    bearerToken,
    context.RequestAborted);

if (!hasAccess)
{
    context.Response.StatusCode = StatusCodes.Status403Forbidden;
    return;
}

Onboarding checklist for another service

Validate Clerk JWT locally.
Resolve user sub claim.
Call IServiceAccessAuthorizer with your serviceKey.
Deny request when HasAccessAsync is false.
Keep service-local roles/permissions separate from Hub access check.

No packages depend on Hellmade.ServiceAccess.Client.

.NET 10.0

Microsoft.Extensions.Caching.Memory (>= 10.0.0)
Microsoft.Extensions.Http (>= 10.0.0)
Microsoft.Extensions.Options (>= 10.0.0)

Version	Downloads	Last updated
0.2.1	7	04/08/2026
0.2.0	1	04/08/2026

Hellmade.ServiceAccess.Client 0.2.1

Readme

Hellmade.ServiceAccess.Client

Purpose

Interface

DI wiring

Middleware usage example

Onboarding checklist for another service

Used By

Dependencies

.NET 10.0

Versions