# StellaOps.Auth.Client

Typed OpenID Connect client used by StellaOps services, agents, and tooling to talk to **StellaOps Authority**. It provides:

- Discovery + JWKS caching with deterministic refresh windows.
- Password and client-credential flows with token cache abstractions.
- Configurable HTTP retry/backoff policies (Polly) and offline fallback support for air-gapped deployments.
- `HttpClient` authentication helpers that attach OAuth2 (password/client-credentials) or personal access tokens,
  including automatic `X-StellaOps-Tenant` header injection for multi-tenant APIs.

See `docs/dev/32_AUTH_CLIENT_GUIDE.md` in the repository for integration guidance, option descriptions, and rollout checklists.