slight refactor after PR feedback; simplified provider

Author: mconflitti-pbc

src/posit/connect/external/connect_api.py

@@ -14,18 +14,19 @@
 from .external import is_local
 
 
-class ConnectAPIKeyProvider:
-    """Viewer API key provider for Connect API integration.
+class ViewerConnectClientProvider:
+    """Viewer client provider for Connect API integration.
 
-    Provider for exchanging Connect User Session Token for Connect API Key that acts on behalf of the user.
-    This is an ephemeral API key that adheres to typical ephemeral API key clean up processes.
+    Provider handles exchanging Connect User Session Token for Connect API Key that acts on behalf of the user.
+    This is an ephemeral API key that adheres to typical ephemeral API key clean up processes. The provider
+    returns a `Client` that is scoped to the viewer's API key.
 
     Examples
     --------
     ```python
     from shiny import App, ui
     from posit.connect import Client
-    from posit.connect.external.connect_api import ConnectAPIKeyProvider
+    from posit.connect.external.connect_api import ViewerConnectClientProvider
 
     app_ui = ui.page_fixed(
         ui.h1("My Shiny App"),
@@ -36,8 +37,7 @@ class ConnectAPIKeyProvider:
     def server(input, output, session):
         client = Client()
         user_session_token = session.http_conn.headers.get("Posit-Connect-User-Session-Token")
-        provider = ConnectAPIKeyProvider(client, user_session_token)
-        viewer_client = Client(api_key=provider.viewer)
+        viewer_client = ViewerConnectClientProvider(user_session_token).get_client()
 
         assert client.me() != viewer_client.me()
 
@@ -50,35 +50,31 @@ def server(input, output, session):
 
     def __init__(
         self,
-        client: Optional[Client] = None,
-        user_session_token: Optional[str] = None,
+        user_session_token: str,
+        client_override: Optional[Client] = None,
+        url_override: Optional[str] = None,
     ):
-        self._client = client
+        if user_session_token == "":
+            raise ValueError("Must provide valid user session token")
+
         self._user_session_token = user_session_token
+        self._client = client_override if client_override else Client()
+        self._url = url_override
 
-    @property
-    def viewer(self) -> Optional[str]:
-        """Retrieve the viewer api key.
+    def get_client(self) -> Client:
+        """A new Connect client that can act on behalf of the viewer based on the user session token.
 
         The viewer key is retrieved through an OAuth exchange process using the user session token.
         The issued API key is associated with the viewer of your app and can be used on their behalf
-        to interact with the Connect API.
+        to interact with the Connect API using this client.
         """
+        # If running this locally, the viewer will be assumed to be the same as the publisher.
         if is_local():
-            return None
-
-        # If the user-session-token wasn't provided and we're running on Connect then we raise an exception.
-        # user_session_token is required to impersonate the viewer.
-        if self._user_session_token is None:
-            raise ValueError(
-                "The user-session-token is required for viewer API key authorization."
-            )
-
-        if self._client is None:
-            self._client = Client()
+            return self._client
 
         credentials = self._client.oauth.get_credentials(
             user_session_token=self._user_session_token,
             requested_token_type=API_KEY_TOKEN_TYPE,
         )
-        return credentials.get("access_token")
+
+        return Client(url=self._url, api_key=credentials.get("access_token"))

tests/posit/connect/external/test_connect_api.py

@@ -3,7 +3,7 @@
 import responses
 
 from posit.connect import Client
-from posit.connect.external.connect_api import ConnectAPIKeyProvider
+from posit.connect.external.connect_api import ViewerConnectClientProvider
 
 
 def register_mocks():
@@ -29,24 +29,82 @@ def register_mocks():
 
 class TestConnectAPIKeyProvider:
     @responses.activate
-    @patch.dict("os.environ", {"RSTUDIO_PRODUCT": "CONNECT"})
+    @patch.dict(
+        "os.environ",
+        {
+            "RSTUDIO_PRODUCT": "CONNECT",
+            "CONNECT_SERVER": "http://connect.example/",
+            "CONNECT_API_KEY": "12345",
+        },
+    )
     def test_provider(self):
         register_mocks()
 
+        provider = ViewerConnectClientProvider(
+            user_session_token="cit",
+        )
+        viewer_client = provider.get_client()
+        assert viewer_client is not None
+        assert viewer_client.cfg.url == "http://connect.example/"
+        assert viewer_client.cfg.api_key == "viewer-api-key"
+
+    @responses.activate
+    @patch.dict(
+        "os.environ",
+        {
+            "RSTUDIO_PRODUCT": "CONNECT",
+            "CONNECT_SERVER": "http://connect.example/",
+            "CONNECT_API_KEY": "12345",
+        },
+    )
+    def test_provider_with_url_override(self):
+        register_mocks()
+
+        provider = ViewerConnectClientProvider(
+            user_session_token="cit",
+            url_override="http://connect2.example/",
+        )
+        viewer_client = provider.get_client()
+        assert viewer_client is not None
+        assert viewer_client.cfg.url == "http://connect2.example/"
+        assert viewer_client.cfg.api_key == "viewer-api-key"
+
+    @responses.activate
+    @patch.dict("os.environ", {"RSTUDIO_PRODUCT": "CONNECT"})
+    def test_provider_with_client_override(self):
+        register_mocks()
+
         client = Client(api_key="12345", url="https://connect.example/")
         client._ctx.version = None
-        auth = ConnectAPIKeyProvider(
-            client=client,
+        provider = ViewerConnectClientProvider(
             user_session_token="cit",
+            client_override=client,
         )
-        assert auth.viewer == "viewer-api-key"
+        viewer_client = provider.get_client()
+        assert viewer_client is not None
+        assert viewer_client.cfg.url == "http://connect.example/"
+        assert viewer_client.cfg.api_key == "viewer-api-key"
 
+    @patch.dict(
+        "os.environ", {"CONNECT_SERVER": "http://connect.example/", "CONNECT_API_KEY": "12345"}
+    )
     def test_provider_fallback(self):
-        # local_authenticator is used when the content is running locally
+        # default client is used when the content is running locally
+        provider = ViewerConnectClientProvider(
+            user_session_token="cit",
+        )
+        viewer_client = provider.get_client()
+        assert viewer_client.cfg.url == "https://connect.example/"
+        assert viewer_client.cfg.api_key == "12345"
+
+    def test_provider_fallback_with_client_override(self):
+        # provided client is used when the content is running locally
         client = Client(api_key="12345", url="https://connect.example/")
         client._ctx.version = None
-        auth = ConnectAPIKeyProvider(
-            client=client,
+        provider = ViewerConnectClientProvider(
             user_session_token="cit",
+            client_override=client,
         )
-        assert auth.viewer is None
+        viewer_client = provider.get_client()
+        assert viewer_client.cfg.url == "https://connect.example/"
+        assert viewer_client.cfg.api_key == "12345"