We sometimes update preexisting SAML SSO providers to configure them
to automatically create SSO identity verification (IdV) records when a
learner links an account via that provider. Turning that configuration
from off to on does make it such that when learners log back in via
their linked account, a new IdV record will be created for them. But
it's possible we'd want this process to happen more automatically and
seamlessly, for which this management command will be helpful.

Note that this does not help with removing SSO verification records
for a provider for which this configuration has been turned off.

JIRA:EDUCATOR-4947

the patched toggle was removed from edx-drf-extensions recently

* Remove ThirdPartyAuthProviderApiPermission

Also removed ProviderApiPermissions and ApiPermissionsAdminForm and removal of DOP for third_party_auth

* Removing model

* Replaced long_token with default_token_generator

* Adding skip to test_migrations_are_in_sync

The oauth2.enforce_jwt_scopes waffle switch was added temporarily for
the rollout of jwt scopes. This removes the toggle and replacing code
with the equivalent of `oauth2.enforce_jwt_scopes` as True.

* WIP: add third-party-auth scope and usage

BOM-1264


* Fix tests now that we do permissions in a more standard way.

Rather than manually setting the permission class we previously
explicitly raised a PermissionDenied exception.  The way DRF
permissoning logic works, if we use the WWW-Authenticate header in the
highest priority auth class, it will return a 401 instead of a 403.


* Added test to make sure having permissions gives access to user mapping api

* Test new filters logic.

Ensure that the filters we add to the application access model make it
into the JWT correctly.

* quality fix

* quality fix

* disable pylint warning

* quality fix

* fix indent prob

Co-authored-by: Feanil Patel <feanil@edx.org>
Co-authored-by: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>

* Renamed OAuth2Authentication to BearerAuthentication
* Added back OAuth2Authentication name
-there are libraries such as edx-enterprise that still import OAuth2Authentication.  The OAuth2Authentication class should be fully removed when everything is importing BearerAuthentication correctly

- Removing deprecated auth classes
- Replacing OAuth2AuthenticationAllowInactiveUserDeprecated with OAuth2AuthenticationAllowInactiveUser
- the old class was a child class of a deprecated class that we are removing and replacing.

* Added new auth class

- Created new class called OAuth2AuthenticationAllowInactiveUser, which replaces old class with same name
- Renames previous  OAuth2AuthenticationAllowInactiveUser to  OAuth2AuthenticationAllowInactiveUserDeprecated
- Replaced all imports of  OAuth2AuthenticationAllowInactiveUser to call deprecated class instead
- testing new class in discussion(added flag based on django setting)

BOM-897

Currently, we are working on removing the rest_framework_auth library from edx-platform. For this push, we need to remove the oauth2Authentication class. This PR creates a new class oauth2AuthenticationDeprecated that adds additional new relic metrics. The metrics would allow us to see how often this class is used and its success rate. The hope is that this information will help us with transitioning to a different authentication class.

This will remove imports from __future__ that are no longer needed.

https://docs.python.org/3.5/library/2to3.html#2to3fixer-future

assertItemsEqual with six.assertCountEqual

This reverts commit 3d261798.

The change was not quite right because the method six provides needs to
have `self` be passed in as well.  See the docs here:
https://six.readthedocs.io/#unittest-assertions

Reverting for now and we can fix it in smaller chunks later.

View is combined with user SSO views.

Includes a new version of the view that takes explicit "username" or "email".

OC-4285

Note: this version update is backward incompatible.

ARCH-255

LEARNER-6469

Django 1.10 deprecation fix for Hackathon XIX
Addresses PLAT-1397

- Remove usage of django.urls.patterns
- Change urls tuples to lists
- Make all string view names callables

Refactoring: Use format with named variables

PSA was monolothic, now split, with new features, like
a DB-backed partial pipeline. FB OAuth2 version also upped.

Partial pipelines don't get cleared except when necessary.
They persist for special cases like change of browser while
still mid-pipeline (i.e. email validation step).

Refactor, cleanup, and update of a lot of small things as well.

PLEASE NOTE the new `social_auth_partial` table.

Please note that this is a squshed commit and the work of:
Symbolist, macdiesel, nedbat, doctoryes, muzaffaryousaf and muhammad-ammar

This mapping API enables the mapping between the edX user ID and the ID
provided by identity provider (IdP). For details, please see
https://github.com/edx/edx-platform/pull/9842