So, federated login systems such as often handle only user identity
authentication, which is what the AuthBackend does. Sometimes, users can
self-register, and systems such as django-cas-ng (for CAS, not Oauth2).
Oauth2, although actually granting authorization to the identity
provider's platform
This is essentially an RFC. I've become more familiar with Django's
authentication backend system lately, and something has stood out to me
that I'd like to draw attention to.
A new site built with Django is likely to use the default ModelBackend,
which includes a user_can_authenticate