
Excititor Tenant Authority Client (AOC-19-013)

  • Date: 2025-11-21
  • Scope: EXCITITOR-CORE-AOC-19-013
  • Files: src/Excititor/StellaOps.Excititor.Worker/Auth/TenantAuthorityClientFactory.cs

Contract

  • Every outbound Authority call must carry the X-Tenant header and use the tenant-specific base URL.
  • Base URLs and optional client credentials are configured under Excititor:Authority: with per-tenant keys.
  • The factory throws when the tenant is missing or not configured, to prevent cross-tenant leakage.

Configuration shape

{
  "Excititor": {
    "Authority": {
      "BaseUrls": {
        "alpha": "https://authority.alpha.local/",
        "bravo": "https://authority.bravo.local/"
      },
      "ClientIds": {
        "alpha": "alpha-client-id"
      },
      "ClientSecrets": {
        "alpha": "alpha-secret"
      }
    }
  }
}

Implementation notes

  • TenantAuthorityClientFactory (worker) enforces tenant presence and a configured base URL; it adds the Accept: application/json and X-Tenant headers.
  • Registered in DI via Program.cs, with options bound to Excititor:Authority.
  • Intended to be reused by WebService/Worker components once the disk-space block is resolved.
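
The fail-closed behaviour described in the contract, as an added sketch (not the project's TenantAuthorityClientFactory). The type name TenantClientFactorySketch and the Demo class are hypothetical, the base URLs are copied from the configuration shape above, and client credentials are left out.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;

// Hypothetical type: illustrates the contract, not the real factory.
public sealed class TenantClientFactorySketch
{
    private readonly IReadOnlyDictionary<string, string> _baseUrls;

    public TenantClientFactorySketch(IReadOnlyDictionary<string, string> baseUrls) =>
        _baseUrls = baseUrls ?? throw new ArgumentNullException(nameof(baseUrls));

    public HttpClient Create(string tenant)
    {
        // Fail closed: no tenant means no client, never a shared default.
        if (string.IsNullOrWhiteSpace(tenant))
            throw new ArgumentException("Tenant is required.", nameof(tenant));
        // Fail closed: an unconfigured tenant never falls back to another tenant's URL.
        if (!_baseUrls.TryGetValue(tenant, out var baseUrl) ||
            !Uri.TryCreate(baseUrl, UriKind.Absolute, out var uri))
            throw new InvalidOperationException(
                $"No Authority base URL configured for tenant '{tenant}'.");

        var client = new HttpClient { BaseAddress = uri };
        client.DefaultRequestHeaders.Accept.Add(
            new MediaTypeWithQualityHeaderValue("application/json"));
        // Add() validates the value and throws FormatException on CR/LF.
        client.DefaultRequestHeaders.Add("X-Tenant", tenant);
        return client;
    }
}

public static class Demo
{
    public static void Main()
    {
        var factory = new TenantClientFactorySketch(new Dictionary<string, string>
        {
            ["alpha"] = "https://authority.alpha.local/",
            ["bravo"] = "https://authority.bravo.local/",
        });
        using var alpha = factory.Create("alpha");
        var header = string.Join(",", alpha.DefaultRequestHeaders.GetValues("X-Tenant"));
        Console.WriteLine($"{alpha.BaseAddress} X-Tenant={header}");
        foreach (var bad in new[] { "", "charlie" }) // missing, then unconfigured
        {
            try { factory.Create(bad); }
            catch (Exception ex) when (ex is ArgumentException or InvalidOperationException)
            { Console.WriteLine($"rejected '{bad}': {ex.GetType().Name}"); }
        }
    }
}
```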

Next steps

  • Wire the factory into services that call Authority (WebService + Worker jobs), replacing any tenant-agnostic HttpClient usages.
  • Add integration tests to ensure cross-tenant calls are rejected when config is missing or the header is mismatched.