[All] add OAuthenticator.modify_auth_state_hook, allow get_user_groups / auth_state_groups_key to be async

[minrk]

closes #750

it feels a little weird to have auth_state_groups_key be a callable that actually fetches external info purely based on the config name, but it's what we have. Is there a better arrangement for adding more fields to the user model? e.g. something after token_to_user? I noted in #750 that extending token_to_user would work. Should we have a hook after token_to_user to allow additional modifications to the user model before things like groups get added, or is making this method/hook async enough?

[yuvipanda]

ya, how about an augment_auth_state_hook that gets called after authenticate, and can put random stuff in auth_state? Then we can leave the existing group management stuff as is, and replace all the 'override authenticator, override authenticate just to put stuff in auth_state' with that one hook.

[yuvipanda]

It can take the authenticator instance and existing auth_state as params, and return the augmented auth_state

[minrk]

Added modify_auth_state_hook config, run after build_auth_state but before update_auth_model, so it can modify the inputs to get_user_groups.

I left the async allowance in get_user_groups, since I think that makes sense generally, but now 'the way to do this' would be to use the hook (user) / build_auth_state (subclass).

[yuvipanda]

Generally looks good, one specific question about exception handling mechanism.

[minrk]

I don't see your question, did I miss something?

[yuvipanda]

Wouldn't the exception be thrown here on the await than earlier? Wouldn't that require us to be inside the try? I could be wrong...

[minrk]

You're 100% right, yes! Fixed.

[yuvipanda]

oops, something ate it! I've asked again.

[yuvipanda]

Thanks, @minrk