diff --git a/src/libs/Mubert/Generated/Mubert.OptionsSupport.g.cs b/src/libs/Mubert/Generated/Mubert.OptionsSupport.g.cs
index 55409a2..fc1fab0 100644
--- a/src/libs/Mubert/Generated/Mubert.OptionsSupport.g.cs
+++ b/src/libs/Mubert/Generated/Mubert.OptionsSupport.g.cs
@@ -150,6 +150,84 @@ public interface IAutoSDKAuthorizationProvider
global::Mubert.AutoSDKHookContext context);
}
+ ///
+ /// Marker keys stamped onto outgoing
+ /// instances so consumer s — and any
+ /// other transport-layer code that runs after AutoSDK's send pipeline — can observe whether
+ /// the resolved Authorization is call-scoped and opt out of overwriting it with a
+ /// rotation-aware account-level credential.
+ ///
+ public static class AutoSDKHttpRequestOptions
+ {
+ ///
+ /// Key under which records the marker. Exposed
+ /// for handlers that target frameworks older than .NET 5 and need to read the value
+ /// through the legacy HttpRequestMessage.Properties bag.
+ ///
+ public const string AuthorizationOverrideKey = "AutoSDK.AuthorizationOverride";
+
+#if NET5_0_OR_GREATER
+ ///
+ /// Strongly-typed for
+ /// the call-scoped Authorization marker on .NET 5+ targets. Consumers should prefer this
+ /// over the legacy HttpRequestMessage.Properties bag where available.
+ ///
+ public static readonly global::System.Net.Http.HttpRequestOptionsKey AuthorizationOverride =
+ new global::System.Net.Http.HttpRequestOptionsKey(AuthorizationOverrideKey);
+#endif
+
+ ///
+ /// Stamps the call-scoped Authorization marker on . AutoSDK's
+ /// built-in calls this whenever the
+ /// resolved auth came from a per-request override or a client-level
+ /// . Hand-written SDK extensions that set a
+ /// non-default Authorization header (e.g. a session-scoped bearer returned by an
+ /// upstream poll) should call this too so downstream rotation handlers know to skip the
+ /// overwrite.
+ ///
+ ///
+ public static void StampAuthorizationOverride(
+ global::System.Net.Http.HttpRequestMessage? request)
+ {
+ if (request is null)
+ {
+ return;
+ }
+
+#if NET5_0_OR_GREATER
+ request.Options.Set(AuthorizationOverride, true);
+#else
+#pragma warning disable CS0618 // HttpRequestMessage.Properties is obsolete in NET5+, but the only option below it.
+ request.Properties[AuthorizationOverrideKey] = true;
+#pragma warning restore CS0618
+#endif
+ }
+
+ ///
+ /// Returns true when previously marked the
+ /// request as carrying a call-scoped Authorization.
+ ///
+ ///
+ public static bool HasAuthorizationOverride(
+ global::System.Net.Http.HttpRequestMessage? request)
+ {
+ if (request is null)
+ {
+ return false;
+ }
+
+#if NET5_0_OR_GREATER
+ return request.Options.TryGetValue(AuthorizationOverride, out var value) && value;
+#else
+#pragma warning disable CS0618
+ return request.Properties.TryGetValue(AuthorizationOverrideKey, out var raw) &&
+ raw is bool flag &&
+ flag;
+#pragma warning restore CS0618
+#endif
+ }
+ }
+
///
/// Built-in that consults
/// before every outgoing
@@ -176,6 +254,7 @@ public sealed class AutoSDKAuthorizationProviderHook : global::Mubert.AutoSDKHoo
ApplyAuthorization(context.Request, perRequest[index]);
}
+ global::Mubert.AutoSDKHttpRequestOptions.StampAuthorizationOverride(context.Request);
return;
}
@@ -195,6 +274,8 @@ public sealed class AutoSDKAuthorizationProviderHook : global::Mubert.AutoSDKHoo
{
ApplyAuthorization(context.Request, resolved[index]);
}
+
+ global::Mubert.AutoSDKHttpRequestOptions.StampAuthorizationOverride(context.Request);
}
private static void ApplyAuthorization(