Add authentication classes, move auth logic there

[EnricoMi]

Reduces complexity from Requester and moves lots of auth-specific logic into Auth implementations.

Fixes #2431.

Allows for easy fix of #2471 and #2504: EnricoMi#4.

Fixes bad code like

PyGithub/github/ApplicationOAuth.py

Line 94 in b94a83c

self._requester._Requester__authorizationHeader = None

https://github.com/PyGithub/PyGithub/pull/2528/files#diff-e1bc4144bb47d4a87072d8149e91f8c66463d81346d958b6f5d3d7dcd9f33375

This is backward compatible to existing auth arguments.

[codecov-commenter]

Codecov Report

Patch coverage: 91.36% and project coverage change: -0.12 ⚠️

Comparison is base (a8e7c42) 98.68% compared to head (756e953) 98.57%.

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2528      +/-   ##
==========================================
- Coverage   98.68%   98.57%   -0.12%     
==========================================
  Files         117      118       +1     
  Lines       11831    11980     +149     
==========================================
+ Hits        11676    11809     +133     
- Misses        155      171      +16     

Impacted Files	Coverage Δ
github/Auth.py	89.30% <89.30%> (ø)
github/GithubIntegration.py	96.36% <92.30%> (-0.25%)	⬇️
github/Requester.py	97.97% <95.65%> (+0.45%)	⬆️
github/AppAuthentication.py	100.00% <100.00%> (ø)
github/ApplicationOAuth.py	97.91% <100.00%> (+0.09%)	⬆️
github/Consts.py	100.00% <100.00%> (ø)
github/MainClass.py	99.27% <100.00%> (+0.04%)	⬆️
github/__init__.py	93.75% <100.00%> (+0.41%)	⬆️

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[JLLeitschuh]

Probably good to fail-fast here and verify that these aren't empty or None at this point

[EnricoMi]

I agree, but asserting for not None is not common in this project, and I am too lazy to start this.

Given the arguments are not optional, None values would be surprising from a user point of view. Also, typing suggests None is not allowed.

[JLLeitschuh]

Sure, but id suggest checking for empty.

The rationale being that, for most of the API, the use of the passed arguments is immediate, here they are passed and used later.

[EnricoMi]

done

[JLLeitschuh]

I would add a type check, and an emptiness check here as a sanity check

[EnricoMi]

done

[JLLeitschuh]

General suggestion for this class. Consider using the python @dataclass annotation on these classes with the frozen=True flag.

These classes should be immutable, right?

[EnricoMi]

I would love to use immutable classes here, but I prefer to keep the code base consistent. Maybe a future rework.

[EnricoMi]

Btw., some auth classes like the AppInstallationAuth has to refresh its token, so they are not all immutable.

[JLLeitschuh]

Can't these be declared at the top of the class?

[EnricoMi]

The import is here for typing. It is imported here because this would cause a circular import otherwise.

The declaration cannot happen in the class body as this would also cause the circular import. Suggestions welcome.

[EnricoMi]

I stand corrected, the import can happen in the class body, will fix.

[JLLeitschuh]

What if no auth is provided, is that anonymous auth at that point? Should an Auth.Auth type for anonymous access be added too, just so that there isn't a 'None' case?

[JLLeitschuh]

Also, is there any standard in the library for being explicit about what version release of the library will formally remove the support for these deprecated APIs?

[EnricoMi]

Well, I think that should be removed in the next major release (v2) as this is quite fundamental / widespread use.

We have seen lots of small breaking changes in minor releases, recently, and given there is a lot of refactoring still need, I would refrain from following semantic versioning.

[EnricoMi]

What if no auth is provided, is that anonymous auth at that point? Should an Auth.Auth type for anonymous access be added too, just so that there isn't a 'None' case?

Good point. I think auth=None is expressive enough. I don't see benefit for an NoAuth or Anonymous auth class.

[JLLeitschuh]

Any assertions you want to put in here around verifying that the warning is logged?

[EnricoMi]

done

[JLLeitschuh]

I think to be correct, this needs to also implement ABC

Suggested change

	class Auth:
	class Auth(abc.ABC):

[EnricoMi]

done

[JLLeitschuh]

One final thing about ABC, and I think this is good to go

[JLLeitschuh]

LGTM!

[EnricoMi]

Thanks!