transparently use site auth in sidekick

[davidnuescheler]

i think that in many cases .page and .live could use the same token as the admin service, so it would be great if we could just use that site auth for sidekick.

maybe i am (as usual) oversimplifying things here :)

[rofe]

@tripodsan thoughts?

[tripodsan]

the main problem is how to transfer the token from the site auth to the sidekick?
we might be able to set it on *.hlx.page because it's a public domain:
https://publicsuffix.org/list/public_suffix_list.dat
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#domaindomain-value

then we would use the same token for all helix projects... which might be ok.

another sideeffect will be that we can't access the profile image anymore, since the token cannot be used to talk to the original IDP.

[davidnuescheler]

another sideeffect will be that we can't access the profile image anymore, since the token cannot be used to talk to the original IDP.

looking at the logs i am not sure that we can fetch that image reliably anyway... any thoughts on using gravatar?