Auth backend proposal to address #50

[masci]

No description provided.

[coveralls]

Coverage remained the same when pulling 1e13b87 on auth_backend into 88ae620 on master.

[synasius]

I think you can merge this PR!

BTW, what about the 'scopes' of the access token ?? Should we involve them somehow in the authentication process?

Suppose we have a view 'A'. This view need the user to have permission 'P' (provided by django permissions system) and requires scope 'S'. What happens if a user that has permission 'P' but authenticates using a token that does not provide scope 'S'? Should we check both? How?

Just speculating, but we should deepen the problem

[masci]

With current implementation the authentication process does not take in account scopes at all.
This will not prevent users to protect views with OAuth2 protocol and scopes utilization, either before or after authentication.

This is just one of the possible solutions, so we remain open to changes and suggestions on this matter.