The general expectation when running applications on Connect is that the application is running using the visitor's credentials. This is not the current behavior. Instead, the SDK uses the CONNECT_API_KEY variable, which belongs to the content owner, not the visitor.
Therefore, the default behavior should be as follows:
When running on Connect, assume that a visitor integration is configured. If the integration is not set, provide a sensible error message that directs the user to create the integration or explicitly override this behavior. When the integration is set, it assumes the visitor's credentials via the HTTP header.
When running off Connect, assume the current behavior (e.g., CONNECT_API_KEY is set).
I haven't found a generic solution to capture the request headers outside an API framework context. The SDK client doesn't know how the request headers are captured since this is specific to the API framework implementation. For example, when using Flask, I can use flask.request.headers (see https://flask.palletsprojects.com/en/stable/quickstart/#context-locals). Similar solutions exist in each API framework, but they are specific to the framework. There isn't a generic solution.
The proper way to address this is actually within the Connect content proxy layer. A possible solution is to switch the authorization to the viewer, instead of the content owner.
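A sketch of the default proposed in this issue, added here as an illustration and not taken from the SDK or from anyone in this thread: on Connect the resolver fails closed instead of silently falling back to the content owner's key, and the caller passes in whatever header mapping its framework provides (for Flask, `flask.request.headers`). The header name `X-Example-Visitor-Token`, the marker variable `EXAMPLE_RUNNING_ON_CONNECT`, and every function and class name are hypothetical placeholders; only `CONNECT_API_KEY` comes from the issue.

```python
import os
from dataclasses import dataclass
from typing import Mapping, Optional

# Hypothetical placeholders: the issue names neither the header nor an on-Connect marker.
VISITOR_TOKEN_HEADER = "X-Example-Visitor-Token"
ON_CONNECT_ENV = "EXAMPLE_RUNNING_ON_CONNECT"


class CredentialError(RuntimeError):
    """No credential is available for the identity the caller is expected to use."""


@dataclass(frozen=True)
class Credential:
    principal: str  # "visitor" or "owner"
    secret: str


def resolve_credential(
    headers: Optional[Mapping[str, str]] = None,
    env: Mapping[str, str] = os.environ,
    allow_owner_key: bool = False,
) -> Credential:
    """Pick the credential for one request.

    On Connect the visitor's token from the request header is required unless
    the developer explicitly opts in to the owner's key. Off Connect the
    current behavior is kept: CONNECT_API_KEY is used.
    """
    # Plain dicts are case-sensitive, HTTP header names are not: normalize.
    lowered = {k.lower(): v for k, v in (headers or {}).items()}
    token = lowered.get(VISITOR_TOKEN_HEADER.lower(), "").strip()
    on_connect = env.get(ON_CONNECT_ENV) == "1"

    if on_connect and not allow_owner_key:
        if not token:
            # Fail closed: never act for a visitor with the owner's key.
            raise CredentialError(
                "No visitor credential in the request headers. Create the "
                "visitor integration for this content, or pass "
                "allow_owner_key=True to run as the content owner."
            )
        return Credential("visitor", token)

    api_key = env.get("CONNECT_API_KEY", "").strip()
    if not api_key:
        raise CredentialError("CONNECT_API_KEY is not set.")
    return Credential("owner", api_key)
```
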