Support signing OAuth2 requests via a header parameter #34
The OAuth2 standard recommends signing requests via a header, instead of via a query parameter. The gist of this is that URIs tend to be logged or copy-pasted, whereas headers are less likely to float around. (I've often seen this with users trying to debug a failing API call on a mailing list or stackoverflow, for instance.)
This is easy enough to support -- I'm happy to send a pull request, but wanted to see if there was a reason query was currently the default. In particular, would switching the default (as a follow-up change) be reasonable?