The basic authorization is necessary to be supported when we do a client authentication.
It is written this rfc 2.3.1 Client password.
Some OAuth2.0 implementation doesn't allow to include a client ID and client secret in the both of the body and the Authorization header.
So, I did this pull request.
It is useful in the case that BASIC authorization id and password cannot be written in POST body.
(e.g I tried on http://developer.yahoo.co.jp/yconnect/)
So, custom header interface is necessary, I think.