Need support for session tokens (aka personal access tokens)

[whoisj]

Visual Studio Online now has support for scoped access tokens. If Infinity.NET supported them, then there would be no need for any complex authentication protocol support. It would involve a dependency on the Azure Directory Authentication Libraries (ADAL).

If that's allowed, I can help by adding in the required things to support session tokens.

[ethomson]

Neat. I'm not super familiar with ADAL. Does it work in Xamarin? Keeping this running in Xamarin and the various PCL profiles is high-priority, so I would like to make sure that it works. If not, then we can either:

1. We dynamically load ADAL and use reflection, or
2. Open up some functionality so that the caller can do the ADAL themselves and pass the tokens in.

I'm not sure which makes the most sense.

[ethomson]

See for example #11 which seems reasonable. If you had opinions on that PR it would be nice, I was getting ready to merge it. :)

[whoisj]

OAuth tokens should be supported. They're a good thing, but they are unscoped; meaning they represent a user account - regardless of domain or usage. They are very powerful tokens.

Session tokens can be scoped and limited in both domain and time. Session tokens allow an app to say things like: "I need to be user_xyz and have access to pull-requests until the end of the month".

In nearly any situation it is better to have a scoped and/or limited version of yourself presented.

As for ADAL, it supports everything - I think. There are likely issues with 2FA flows on Xamarian but I've never actually tried. The Azure folks have been very serious about supporting as many platforms as possible. https://github.com/AzureAD

[jasminsehic]

@gistofj not sure how valid this is today, if it is valid I would be happy to support a PR for this.