#270, #357 - AdfsRefreshMiddleware & AdfsAuthCodeRefreshBackend

[sdev95]

Hi,

As mentioned in #270, #357, this would be a great addition to the library and the other PR ( #343 ) seems stale or hopefully he is having a great long holiday :). I will attempt to continue the effort from @Dejiah and @daggaz in this PR.

I tried to solve your feedback on the previous PR @tim-schilling. The PR is not ready yet, but since I like quick feedback loops I decided to create it already. I have been working with Django for 6 months, so any general feedback besides this feature is greatly appreciated.

Feedback
Security concerns about storing token data in the session:
My current approach is to check the value of SESSION_ENGINE, and it will throw an assert message that says that it is not recommended.

Prevent the library from storing tokens in the session:
I agree with you, we should not make a choice for all users of the library to store token data in the session. I saw feedback from @daggaz in the other PR and I like the idea of having a seperate backend class that has al the logic for doing the auth code flow with refreshing.

Move as much of the new changes to the middleware instead of the backend:
I prefer a solution where we have a new backendclass.

There needs to be some documentation/tests:
I will pick this up once the general direction is agreed upon.

Kind regards and thank you for any effort in reviewing, I will have time to act upon feedback upcoming weeks 👍

[tim-schilling]

@sdev95 I'm not going to have time to review this for quite a while. If you don't hear from me and it's August, please feel free to @/mention me again.