Double check credentials (bring them in the request)
Around the BlobsResource, it was discussed that an added security measure could be to double-check that the credentials for the request match the user that is authenticated.
This is because the BlobsResource doesn't have any knowledge about what authentication mechanism is in place, so we discussed that an extra check might be good to prevent misconfigurations that would let any user access the blobs of a third user.
An easy way of doing this would be to add a credentials object to the request, and assert that the user part of the path matches the authenticated user:
    user, blob_id = self._validate(request)
    assert user == request.credentials.user
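One way to make the check above fail closed, as an added example that is not the project's own code: it raises an explicit error instead of using `assert`, because Python drops `assert` statements when run with `-O`. The `Request`, `Credentials` and `Forbidden` classes, the function names and the `/blobs/<user>/<blob_id>` path layout are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Credentials:          # hypothetical: filled in by the auth layer
    user: str


@dataclass
class Request:              # hypothetical stand-in for the web request
    path: str
    credentials: Optional[Credentials] = None


class Forbidden(Exception):
    status = 403


def split_blob_path(path: str) -> Tuple[str, str]:
    """Return (user, blob_id) from an assumed /blobs/<user>/<blob_id> path."""
    parts = path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "blobs" or not all(parts[1:]):
        raise Forbidden("malformed blob path")
    return parts[1], parts[2]


def authorize_blob_request(request: Request) -> Tuple[str, str]:
    user, blob_id = split_blob_path(request.path)
    creds = request.credentials
    # Fail closed: no credentials on the request means the auth layer is
    # missing or misconfigured, which is the case this check exists for.
    if creds is None or not creds.user:
        raise Forbidden("request carries no credentials")
    # Explicit comparison instead of `assert`, which python -O removes.
    if not hmac.compare_digest(user.encode(), creds.user.encode()):
        raise Forbidden("path user does not match authenticated user")
    return user, blob_id


def status_for(request: Request) -> int:
    """Status a resource would answer with (constructed sample handling)."""
    try:
        authorize_blob_request(request)
        return 200
    except Forbidden as err:
        return err.status
```
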