
Verify the app uses the token of the logged in/connected user when making API calls #15

@sidko


Some external users have been using a universal auth token to call read-only API endpoints. We want to move to a system where we are using the auth token of the logged-in user to manage all calls for that user. If multiple users are connected, then each user's calls should use that user's auth token. This is until we have a client credential flow where the app can use its own auth token. See https://github.com/TuringAdvisoryGroup/product/issues/19

  • Test that all the flows are still working after we did some backend changes. Specifically, make sure the hasbalance endpoint is working right.
  • Connect several users to the app. Have the example app make API calls on behalf of these users (read only, write, etc.). Make sure that each call is using the authorization for that particular user.

CC @marlon-wiprud
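
One way to automate the second check, as an added example that is not part of the original issue or the project's code: record each outbound call the example app makes, then audit the Authorization header against the token issued to the user the call was made for. It assumes Bearer tokens; `Call`, `audit_calls`, the `transfer` endpoint and all token values are hypothetical, constructed for illustration (only `hasbalance` is named in the issue).

```python
# Added example: Call, audit_calls, "transfer" and the token values are
# hypothetical. Assumes the app sends "Authorization: Bearer <token>".
import hashlib
import hmac
from dataclasses import dataclass


def fingerprint(token: str) -> str:
    """Digest used for lookups and messages so raw tokens stay out of reports."""
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass(frozen=True)
class Call:
    user_id: str        # user the app claims to act for
    endpoint: str
    authorization: str  # Authorization header actually sent


def audit_calls(calls, user_tokens, universal_token):
    """Return (call, reason) for every call not made with its own user's token."""
    owners = {fingerprint(t): u for u, t in user_tokens.items()}
    shared_fp = fingerprint(universal_token)
    findings = []
    for call in calls:
        scheme, _, sent = call.authorization.partition(" ")
        expected = user_tokens.get(call.user_id)
        if scheme != "Bearer" or not sent:
            findings.append((call, "missing or non-Bearer credential"))
        elif expected is None:
            findings.append((call, "call made for a user that is not connected"))
        elif hmac.compare_digest(sent.encode(), expected.encode()):
            continue  # correct: the user's own token
        elif fingerprint(sent) == shared_fp:
            findings.append((call, "universal token used"))
        elif fingerprint(sent) in owners:
            findings.append((call, f"token belongs to {owners[fingerprint(sent)]}"))
        else:
            findings.append((call, "unknown token"))
    return findings


# Constructed sample data: two connected users and four recorded calls.
USER_TOKENS = {"alice": "tok-alice-111", "bob": "tok-bob-222"}
UNIVERSAL = "tok-universal-000"
CALLS = [
    Call("alice", "hasbalance", "Bearer tok-alice-111"),
    Call("bob", "hasbalance", "Bearer tok-universal-000"),
    Call("bob", "transfer", "Bearer tok-alice-111"),
    Call("alice", "transfer", ""),
]
```

An empty result from `audit_calls` means every recorded call carried the token of the user it was made for; the cross-user case (one connected user's token on another user's call) is the one a single-user test cannot catch.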
