Authenticate client within the ClientMixin

[jimmy-lt]

From RFC6749: "The authorization server MAY accept any form of client authentication meeting its security requirements.".

However given a client query and a request object, the authlib.specs.rfc6749.authenticate_client.authenticate_client function tries to apply multiple authentication methods to the client hopping that one of them will succeed. But the actual authentication method to use is not known and may be application specific.

I think that authentication should be delegated to the client itself (authlib.specs.rfc6749.models.ClientMixin) and developers will implement the correct authentication method depending of the type of client.

Common helpers can be provided through.

[lepture]

The design of authenticate_client is based on RFC7591, which will be implemented later. Each grant type can have its own client authentication methods, e.g.

1. authorization_code accepts confidential client and public client
2. implicit accepts only public client
3. others accept only confidential client

If you take a look into grants, you will find that there is a TOKEN_ENDPOINT_AUTH_METHODS. If you need to design another mean of authentication, you can register_authenticate_method and use this method in each grant type.