# Excititor Tenant Authority Client (AOC-19-013)

- **Date:** 2025-11-21
- **Scope:** EXCITITOR-CORE-AOC-19-013
- **Files:** `src/Excititor/StellaOps.Excititor.Worker/Auth/TenantAuthorityClientFactory.cs`

## Contract

- Every outbound Authority call must carry the `X-Tenant` header and use a tenant-specific base URL.
- Base URLs and optional client credentials are configured under `Excititor:Authority:` with per-tenant keys.
- The factory throws when the tenant is missing or not configured, to prevent cross-tenant leakage.

## Configuration shape

```json
{
  "Excititor": {
    "Authority": {
      "BaseUrls": {
        "alpha": "https://authority.alpha.local/",
        "bravo": "https://authority.bravo.local/"
      },
      "ClientIds": {
        "alpha": "alpha-client-id"
      },
      "ClientSecrets": {
        "alpha": "alpha-secret"
      }
    }
  }
}
```

## Implementation notes

- `TenantAuthorityClientFactory` (worker) enforces tenant presence and a configured base URL; it adds the `Accept: application/json` and `X-Tenant` headers.
- Registered in DI via `Program.cs` with options binding to `Excititor:Authority`.
- Intended to be reused by WebService/Worker components once the disk space block is resolved.

## Next steps

- Wire the factory into services that call Authority (WebService + Worker jobs), replacing any tenant-agnostic `HttpClient` usages.
- Add integration tests to ensure cross-tenant calls are rejected when config is missing or the header is mismatched.
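
The fail-closed contract described above, sketched in C# as an added example; it is not the project's `TenantAuthorityClientFactory`. The type name `TenantClientFactorySketch`, its dictionary-based constructor, and the constructed tenant list (`charlie` is deliberately unconfigured) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;

// Constructed sample input: one configured tenant, shaped like "BaseUrls" above.
var factory = new TenantClientFactorySketch(new Dictionary<string, string>
    { ["alpha"] = "https://authority.alpha.local/" });

foreach (var tenant in new[] { "alpha", "", "charlie" })
{
    try
    {
        using var client = factory.Create(tenant);
        Console.WriteLine($"{tenant}: {client.BaseAddress}");
    }
    catch (Exception ex) when (ex is ArgumentException or InvalidOperationException)
    {
        Console.WriteLine($"rejected '{tenant}': {ex.GetType().Name}");
    }
}

// Hypothetical factory illustrating the contract; names are not from the project.
public sealed class TenantClientFactorySketch
{
    private readonly IReadOnlyDictionary<string, string> _baseUrls;

    public TenantClientFactorySketch(IReadOnlyDictionary<string, string> baseUrls) =>
        _baseUrls = baseUrls ?? throw new ArgumentNullException(nameof(baseUrls));

    public HttpClient Create(string tenant)
    {
        // No tenant: refuse instead of returning a tenant-agnostic client.
        if (string.IsNullOrWhiteSpace(tenant))
            throw new ArgumentException("Tenant is required.", nameof(tenant));

        // Unknown tenant: there is deliberately no default base URL to fall back to.
        if (!_baseUrls.TryGetValue(tenant, out var baseUrl) ||
            !Uri.TryCreate(baseUrl, UriKind.Absolute, out var baseUri))
            throw new InvalidOperationException($"No Authority base URL for tenant '{tenant}'.");

        var client = new HttpClient { BaseAddress = baseUri };
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        client.DefaultRequestHeaders.Add("X-Tenant", tenant);
        return client;
    }
}
```

Because the header and base address are both derived from the same validated tenant key, a caller cannot obtain a client whose `X-Tenant` value disagrees with the Authority endpoint it targets.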