support HTTP Basic Authentication for client authentication

[mikanmarusan]

Hi, crhym3

It seems that simpleauth supports using client_id / client_secret in the request-body for client authentication.

Howerver, OAuth 2.0 protocol says,

http://tools.ietf.org/html/rfc6749#section-2.3.1

Including the client credentials in the request-body using the two
parameters is NOT RECOMMENDED and SHOULD be limited to clients unable
to directly utilize the HTTP Basic authentication scheme (or other
password-based HTTP authentication schemes)

Please support the HTTP Basic authentication scheme for client authentication, especailly at token endpoint

[x1ddos]

Hey @mikanmarusan could you clarify which part of the code you are referring to? I suspect you're talking about _get_*_user_info methods but wanted to make sure.

[mikanmarusan]

Hi, @crhym3
Sorry for the late reply.

I am referring to the _oauth2_callback function in the SimpleAuthHandler class,
https://github.com/crhym3/simpleauth/blob/84620d3db5670a20108d14d5021a42b69020c1e8/simpleauth/handler.py#L216-234

[x1ddos]

@mikanmarusan care to provide a PR?