Update GitHub authorization to use token in header instead of query

As outlined in [1], tokens have to be passed as header instead of query
params to Github now.

[1] https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/

Originally commited as cosmocode/dokuwiki-plugin-oauth#90

Author: thess

src/OAuth/OAuth2/Service/AbstractService.php

@@ -166,6 +166,8 @@ public function request($path, $method = 'GET', $body = null, array $extraHeader
             $uri->addToQuery('auth', $token->getAccessToken());
         } elseif (static::AUTHORIZATION_METHOD_HEADER_BEARER === $this->getAuthorizationMethod()) {
             $extraHeaders = array_merge(['Authorization' => 'Bearer ' . $token->getAccessToken()], $extraHeaders);
+        } elseif (static::AUTHORIZATION_METHOD_HEADER_TOKEN === $this->getAuthorizationMethod()) {
+            $extraHeaders = array_merge(array('Authorization' => 'token ' . $token->getAccessToken()), $extraHeaders);
         }
 
         $extraHeaders = array_merge($this->getExtraApiHeaders(), $extraHeaders);

src/OAuth/OAuth2/Service/GitHub.php

@@ -159,7 +159,7 @@ public function getAccessTokenEndpoint()
      */
     protected function getAuthorizationMethod()
     {
-        return static::AUTHORIZATION_METHOD_QUERY_STRING;
+        return static::AUTHORIZATION_METHOD_HEADER_TOKEN;
     }
 
     /**

src/OAuth/OAuth2/Service/ServiceInterface.php

@@ -19,6 +19,7 @@ interface ServiceInterface extends BaseServiceInterface
     const AUTHORIZATION_METHOD_QUERY_STRING_V2 = 3;
     const AUTHORIZATION_METHOD_QUERY_STRING_V3 = 4;
     const AUTHORIZATION_METHOD_QUERY_STRING_V4 = 5;
+    const AUTHORIZATION_METHOD_HEADER_TOKEN = 6;
 
     /**
      * Retrieves and stores/returns the OAuth2 access token after a successful authorization.

tests/Unit/OAuth2/Service/GitHubTest.php

@@ -90,7 +90,7 @@ public function testGetAccessTokenEndpoint(): void
     public function testGetAuthorizationMethod(): void
     {
         $client = $this->createMock('\\OAuth\\Common\\Http\\Client\\ClientInterface');
-        $client->expects(self::once())->method('retrieveResponse')->willReturnArgument(0);
+        $client->expects(self::once())->method('retrieveResponse')->willReturnArgument(2);
 
         $token = $this->createMock('\\OAuth\\OAuth2\\Token\\TokenInterface');
         $token->expects(self::once())->method('getEndOfLife')->willReturn(TokenInterface::EOL_NEVER_EXPIRES);
@@ -105,10 +105,9 @@ public function testGetAuthorizationMethod(): void
             $storage
         );
 
-        $uri = $service->request('https://pieterhordijk.com/my/awesome/path');
-        $absoluteUri = parse_url($uri->getAbsoluteUri());
-
-        self::assertSame('access_token=foo', $absoluteUri['query']);
+        $headers = $service->request('https://pieterhordijk.com/my/awesome/path');
+        self::assertArrayHasKey('Authorization', $headers);
+        self::assertTrue(in_array('token foo', $headers, true));
     }
 
     /**