StellaOps.Auth.Client

File-based token cache suitable for CLI/offline usage.

In-memory token cache suitable for service scenarios.

Abstraction for caching StellaOps tokens.

Retrieves a cached token entry, if present.

Stores or updates a token entry for the specified key.

Removes the cached entry for the specified key.

Abstraction for requesting tokens from StellaOps Authority.

Requests an access token using the resource owner password credentials flow.

Requests an access token using the client credentials flow.

Retrieves the cached JWKS document.

Retrieves a cached token entry.

Persists a token entry in the cache.

Removes a cached entry.

Token cache backed by . Supports any transport (InMemory, Valkey, PostgreSQL) via factory injection.

DI helpers for the StellaOps auth client.

Registers the StellaOps auth client with the provided configuration.

Registers a file-backed token cache implementation.

Adds authentication and tenancy header handling for an registered via .

Options controlling how instances obtain authentication and tenancy headers.

Gets or sets the authentication mode used to authorise outbound requests.

Optional scope override supplied when requesting OAuth access tokens.

Username used when is .

Password used when is .

Pre-issued personal access token used when is .

Optional tenant identifier injected via . If null, the header is omitted.

Header name used to convey the tenant override (defaults to X-StellaOps-Tenant).

Buffer window applied before token expiration that triggers proactive refresh (defaults to 30 seconds).

Authentication strategies supported by the StellaOps API client helpers.

Use the OAuth 2.0 client credentials grant to request access tokens.

Use the resource owner password credentials grant to request access tokens.

Use a pre-issued personal access token (PAT) as the bearer credential.

Options controlling the StellaOps authentication client.

Authority (issuer) base URL.

OAuth client identifier (optional for password flow).

OAuth client secret (optional for public clients).

Default scopes requested for flows that do not explicitly override them.

Retry delays applied by HTTP retry policy (empty uses defaults).

Gets or sets a value indicating whether HTTP retry policies are enabled.

Timeout applied to discovery and token HTTP requests.

Lifetime of cached discovery metadata.

Lifetime of cached JWKS metadata.

Buffer applied when determining cache expiration (default: 30 seconds).

Gets or sets a value indicating whether cached discovery/JWKS responses may be served when the Authority is unreachable.

Additional tolerance window during which stale cache entries remain valid if offline fallback is allowed.

Parsed Authority URI (populated after validation).

Normalised scope list (populated after validation).

Normalised retry delays (populated after validation).

Validates required values and normalises scope entries.

Delegating handler that attaches bearer credentials and tenant headers to outbound requests.

Caches Authority discovery metadata.

Minimal OpenID Connect configuration representation.

Caches JWKS documents for Authority.

Represents a cached token entry.

Determines whether the token is expired given the provided .

Creates a copy with scopes normalised.

Default implementation of .

Represents an issued token with metadata.

Temporary shim for callers expecting the legacy ExpiresAt member.

Converts the result to a cache entry.