CDK: Authenticator doesn't support auth with query params

[keu]

Tell us about the problem you're trying to solve

The current implementation naively assumes that all authentication works through request headers, unfortunately, that is not the case, API keys can be sent via:

• query params
• cookies
• body post

Describe the solution you’d like

The authenticator should support only one method:

def authenticate(self, session: Session):
    pass

Describe the alternative you’ve considered or used

Set Authenticator to NoAuth and implement authentication in request_params method.

Additional context

Add any other context or screenshots about the feature request here.

Are you willing to submit a PR?

Your answer

┆Issue is synchronized with this Asana task by Unito

[htrueman]

Scoping report:

May be linked to #5246
During the research I've discovered that the best way to implement base universal authenticator class is to use it as auth argument to requests.Request class.

See docs: https://docs.python-requests.org/en/master/user/authentication/

Here is the suggested auth implementation:

• Create a base auth class (e.g. BaseAuthenticator), inherited from requests.auth.AuthBase;
• In this class we may add some base methods, so we could handle multiple authentication flows;
• All of the AuthBase authentication logics needs to be put inside the __call__ method (there is good article with examples http://xion.io/post/code/requests-query-string-auth.html)
• Create the child classes, which are going to implement some of our main authentication methods (currently NoAuth, Oauth2Authenticator, TokenAuthenticator)
• Update the rest of the codebase to support newly created authenticators (I think it should be done in the follow up issue, and before that it's better to keep both versions of the authenticator classes).

[keu]

we don't need NoAuth, as it is simply None

[keu]

also, it is better to have session auth instead of Request(auth=