API Key Client & JWT Fetch #65
Description
Epic 5: Licensing Infrastructure
User Story
As a server operator using API key mode,
I want the server to automatically fetch a JWT from the license backend using my API key,
So that license provisioning is automated and upgrades require zero reconfiguration.
Acceptance Criteria
Given an API key "sk-abc123..." configured
When ApiKeyClient.fetchJwt(apiKey) is called
Then a POST request is sent to https://license.softclient4es.com/api/v1/licenses/token
And the Authorization: Bearer sk-abc123... header is included
And the request body contains instance_id and version
Given the backend returns HTTP 200 with { "jwt": "eyJ...", "expires_in": 86400, "message": null }
When the response is processed
Then the JWT is returned for validation and caching
And if message is non-null, it is logged at INFO level
Given the backend returns HTTP 401 with { "error": "api_key_revoked", "message": "API key has been revoked..." }
When the response is processed
Then an error is logged: the backend message
And the system falls through to disk cache (Step 3) or Community (Step 4)
Given a network failure (timeout, DNS failure, connection refused)
When ApiKeyClient.fetchJwt(apiKey) is called
Then the error is logged as a WARNING
And the system falls through to disk cache (Step 3)
Given a successful JWT fetch
When the JWT is validated (signature + expiry)
Then it is stored in memory for per-request enforcement
And it is written to disk cache
Given a successful fetch returning a JWT with a different tier than the current one
When the tier changes from Community to Pro
Then an INFO log is emitted: "License upgraded from Community to Pro"
And new quotas are immediately active
Dependencies
- License Configuration & Resolution Priority (FR23, FR24, FR28)
Requirements
- FR25: API key mode shall auto-fetch JWT from license backend at startup and on periodic refresh