LightApi won't correctly set headers for requests

[guilhermeluizsp]

Each request method from LightAPI accepts a parameter header, which is used to populate the Headers of the HTTP request.

https://github.com/Avanade/Liquid-Application-Framework/blob/93f7874f2ead13d3602cc39fc1e9355206217f57/src/Liquid.Domain/API/LightAPI.cs#L62

https://github.com/Avanade/Liquid-Application-Framework/blob/93f7874f2ead13d3602cc39fc1e9355206217f57/src/Liquid.Domain/API/LightAPI.cs#L106

https://github.com/Avanade/Liquid-Application-Framework/blob/93f7874f2ead13d3602cc39fc1e9355206217f57/src/Liquid.Domain/API/LightAPI.cs#L148

https://github.com/Avanade/Liquid-Application-Framework/blob/93f7874f2ead13d3602cc39fc1e9355206217f57/src/Liquid.Domain/API/LightAPI.cs#L173

Those headers should only be sent with that specific request, but looking at the implementation we can see that it overrides the DefaultRequestHeaders of the underlying HttpClient:

https://github.com/Avanade/Liquid-Application-Framework/blob/93f7874f2ead13d3602cc39fc1e9355206217f57/src/Liquid.Domain/API/LightAPI.cs#L76-L80

(this is a code snippet from the Get method, but this logic repeats over every other method inside LightAPI)

This is problematic since headers added to that property will be sent to every request.

Also, if we start considering multi threaded scenarios, we may face race conditions (take #65 as an example. If two or more requests override the Authentication Header at the same time, we may face unexpected 401 (unauthorized) statuses since the wrong token would have been sent).

To fix this, we should instantiate a new HttpRequestMessage, override its Headers property and use the SendAsync method. That will created request-scoped headers.

var httpRequestMessage = new HttpRequestMessage
{
    Method = /*...*/,
    RequestUri = /*...*/,
    Headers = { 
        { "Header name", "Header value" },
    },
    Content = /*...*/
};

httpClient.SendAsync(httpRequestMessage)

[bruno-brant]

This should be priority. I'll create a new label for that.