Add an EntraID OIDC backend based on the included OpenIDConnectBackend

[ceko]

EntraID OIDC Backend

We have a need to use EntraID as an authentication backend, but EntraID does not closely follow the OpenID spec and can't be integrated with the current backends. In particular, the issuer used in discovery does not always match the issuer returned in other parts of the login flow.

I built a backend using the OpenIDConnectBackend as a model and integrated with the msal library. I also wrote several tests using the same backend's tests as a model for coverage.

Please let me know if this is something you'd like to include in the base product, if not I'll continue using it as a module in my SATOSA instance.

All Submissions:

• Have you checked to ensure there aren't other open Pull Requests for the same update/change?
• Have you added an explanation of what problem you are trying to solve with this PR?
• Have you added information on what your changes do and why you chose this as your solution?
• Have you written new tests for your changes?
• Does your submission pass tests?
• This project follows PEP8 style guide. Have you run your code against the 'flake8' linter?

[c00kiemon5ter]

Thank you for this work @ceko and thank for making the dependencies optional.

I think that we can pull this in. If we need to make changes and to maintain this module, would you want to be contacted to take care of this?

[ceko]

I don't need to be contacted, but I wouldn't mind being marked as a maintainer for this backend. Would this change make it into the Docker image as well? We are currently using the image for an upcoming project, I'd like to prepare for having/not having the msal library.

[ceko]

Also, @c00kiemon5ter, I'm doing this on behalf of Rochester Institute of Technology. Please let me know if you'd like anything from me to advertise that relationship.