Add ability to use non-escaped header auth style

[mwielbut]

Some OAuth providers do not adhere to the standard of accepting query escaped credentials when using Basic header auth. If your client ID or client secret contains non-standard URL query characters they will be rejected by the OAuth provider.
The current implementation always query escapes the client_id and client_secret:
req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
This PR proposes a new AuthStyle AuthStyleInHeaderNoEscape that will pass the credentials unescaped.
This has been raised several times:
#251
#318
#320
but without this feature this library cannot be used against some key OAuth providers.

This PR replaces #351 which was raised in an early version of the code.

[gopherbot]

This PR (HEAD: 04dcc31) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/oauth2/+/291529 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Go Bot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://golang.org/doc/contribute.html#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Matt Wielbut:

Patch Set 1:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Andrii Deinega:

Patch Set 1:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Andrii Deinega:

Patch Set 1:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Cody Oss:

Patch Set 1: Code-Review-1

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Andrii Deinega:

Patch Set 1:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Andrii Deinega:

Patch Set 1:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Cody Oss:

Patch Set 1: Code-Review-1

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/291529.
After addressing review feedback, remember to publish your drafts!

[sfroment]

Is it planned to merge this at one point ?

[tpihl]

They grew tired of saying no, so they said yes and then just no doing it. I am honestly less than impressed (i gave opinion more than a year ago in the source repo)

[MakotoE]

Thank you for posting this issue 4 years ago. I encountered this when I was trying to use this library with the go-oauth2/oauth2 library. I agree that this suggested feature will be very helpful and should fix my issue.

The relevant section of the RFC for Basic authentication scheme does not mention URL encoding at all.