get_current_user - Githubissues

posit-dev / posit-sdk-py

Posit SDK for Python

MIT License

7 stars 3 forks source link

get_current_user #54

Open edavidaja opened 4 months ago

edavidaja commented 4 months ago

Shiny supports this via session.user, for other frameworks we should support this via SDK:

nealrichardson commented 4 months ago

We just added https://github.com/posit-dev/posit-sdk-py/pull/51. So should we plan to update those guides to use the SDK to get the user? Or something else?

mmarchetti commented 4 months ago

The API call in #51 will return the user who owns the API key the client is configured to use. The scenario here is a deployed app that wants to know the identity of visiting users who are identified to Connect (but not the app) via a session cookie. Connect embeds their information in an HTTP header that the app receives. Code to extract HTTP headers from the inbound request is framework-specific.

tdstein commented 4 months ago

Is visitor the appropriate name for this entity? While user for "me".

e.g.,

client.visitor

nealrichardson commented 4 months ago

I'm not sure it comes from client. From the looks of those examples, it's a utility that parses a response header or something, which seems to vary across applications as to how it's exposed. So the SDK would be providing a helper function to encapsulate that?

edavidaja commented 4 months ago

So the SDK would be providing a helper function to encapsulate that?

That was what I had in mind.

tdstein commented 4 months ago

Got it. Is visitor still appropriate for a logical name?

I'm thinking the following where get_visitor is the tbd helper method

import json

from posit.connect import Client

def get_visitor() -> dict:
    return {'username': 'taylor_steinberg', 'groups': ['rsc_team']}

with Client() as client:
    visitor = get_visitor()
    user = client.users.find_one(lambda user: user["username"] == visitor["username"])
    print(json.dumps(user))

edavidaja commented 4 months ago

I think "visitor" is fine and it's a word we use in other places in the documentation. A good alternative is "viewer"--it overlaps with the Connect role, which I think is fine in this case.

mmarchetti commented 4 months ago

visitor = get_visitor()

Looking at our example code for Flask, FastAPI and Streamlit, it will be difficult for the API to have that shape since we don't know which framework is in use. We might need a separate helper function per framework.