Support SCIM views with custom authentication mechanisms #78

Closed
PIG208 opened this issue Jul 14, 2022 · 4 comments · Fixed by #82

PIG208 commented Jul 14, 2022

login_required was added to SCIMView.dispatch in f791a44, marking all requests to the SCIM views as requiring authentication.

This ties with authentication based on the request.user object added by Django's AuthenticationMiddleware, therefore requiring us to actually have a User object representing an authenticated client.

This is not necessarily the case when there isn't a corresponding AUTH_USER_MODEL that can be associated with the SCIM client. login_required ensures the presence of user which is_authenticated, but it does not have anything to do directly with the views themselves.

A current workaround is to create a class pretending to be AUTH_USER_MODEL that implements is_authenticated. This breaks type-safety and Django's expectation for request.user. But it would be better if django-scim2 actually supported custom authentication methods for the SCIM views.

Additional context can be found here.

Collaborator

logston commented Jul 15, 2022

> This is not necessarily the case when there isn't a corresponding AUTH_USER_MODEL that can be associated with the SCIM client.

Great point. A use case where unauthenticated requests are permitted was not considered when developing this package. Also, a use case where a non-Django (i.e. AUTH_USER_MODEL) user could authenticate to the views was not considered.

Do you have a suggested implementation? My initial reaction is to abstract away the .dispatch middleware and allow for a custom authn middleware before .dispatch is processed, as I believe you've suggested.

Author

PIG208 commented Jul 15, 2022

Thank you! That sounds like a reasonable approach.

Contributor

andersk commented Jul 26, 2022

#82 still only supports predicates that are a function of AUTH_USER_MODEL objects (request.user). We want to authenticate SCIM views with a bearer token, not with Django’s user system, so that doesn’t help our use case. We need to use a predicate that’s a function of request, not a function of request.user.
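The difference between a predicate over request.user and a predicate over request, as an added example that is not part of the thread and is not django-scim2's code. `Request`, `Response`, `request_passes_test`, `bearer_token_is_valid`, `scim_dispatch` and the token value are hypothetical stand-ins so the block runs without Django installed.

```python
import hmac
from dataclasses import dataclass, field
from functools import wraps

# Constructed sample secret; a real deployment would load it from configuration.
EXPECTED_TOKEN = "constructed-sample-token"


@dataclass
class Request:
    """Stand-in for django.http.HttpRequest; only the header mapping is used."""
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)


def bearer_token_is_valid(request):
    """Predicate over the request itself; request.user is never consulted."""
    scheme, _, token = request.headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(token.strip().encode(), EXPECTED_TOKEN.encode())


def request_passes_test(predicate):
    """Hypothetical analogue of user_passes_test that calls predicate(request)."""
    def decorator(view):
        @wraps(view)
        def wrapped(request, *args, **kwargs):
            if not predicate(request):
                # A SCIM client is an API caller: answer 401, not a login redirect.
                return Response(401, {"WWW-Authenticate": 'Bearer realm="scim"'})
            return view(request, *args, **kwargs)
        return wrapped
    return decorator


@request_passes_test(bearer_token_is_valid)
def scim_dispatch(request):
    """Stand-in for SCIMView.dispatch."""
    return Response(200)
```

No User object is created or faked at any point, so the workaround of a class that only implements is_authenticated is not needed.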

Collaborator

logston commented Jul 27, 2022

@andersk, please review #84 to ensure it meets your needs.
