Handle deserialization based on content-type response header

[demianbrecht]

Deserialization of response data when swapping the code for access token is currently horribly naive. Instead, it should be able to rely on the response content type to determine deserialization method.