Fixes Issue #129

Not ideal, but effectively reverts the default behaviour of the library to how 0.9.8 worked,
that is it passes the access_token as a query parameter to the server.

To allow the utility 'get' method to use an Authorization header *instead* then you need to
explicitly enable this behaviour by using the method :

  var oa= new Oauth(...);
  oa.useAuthorizationHeaderforGET(true)

Note this can/should be used in conjunction with the other utility method:

  oa.setAuthMethod(...)

The default value for the Authorization header is 'Bearer'

If you're building your own requests using oa._request then there is a new exported
method:

  oa.buildAuthHeader(token)

tests/oauth2.js

@@ -64,21 +64,39 @@ vows.describe('OAuth2').addBatch({
           oa.getOAuthAccessToken("sdsds2", {grant_type:"refresh_token"} );
         }
       },
-      'When calling get with the default authorization method': {
-        'we should pass the authorization header with Bearer method and value of the access_token' : function(oa) {
-          oa._request= function(method, url, headers, post_body, access_token, callback) {
-            assert.equal(headers["Authorization"], "Bearer abcd5");
-          };
-          oa.get("", "abcd5");
+      'When we use the authorization header': {
+        'and call get with the default authorization method': {
+          'we should pass the authorization header with Bearer method and value of the access_token, _request should be passed a null access_token' : function(oa) {
+            oa._request= function(method, url, headers, post_body, access_token, callback) {
+              assert.equal(headers["Authorization"], "Bearer abcd5");
+              assert.isNull( access_token );
+            };
+            oa.useAuthorizationHeaderforGET(true);
+            oa.get("", "abcd5");
+          }
+        },
+        'and call get with the authorization method set to Basic': {
+          'we should pass the authorization header with Basic method and value of the access_token, _request should be passed a null access_token' : function(oa) {
+            oa._request= function(method, url, headers, post_body, access_token, callback) {
+              assert.equal(headers["Authorization"], "Basic cdg2");
+              assert.isNull( access_token );
+            };
+            oa.useAuthorizationHeaderforGET(true);
+            oa.setAuthMethod("Basic");
+            oa.get("", "cdg2");
+          }
         }
       },
-      'When calling get with the authorization method set to Basic': {
-        'we should pass the authorization header with Basic method and value of the access_token' : function(oa) {
-          oa._request= function(method, url, headers, post_body, access_token, callback) {
-            assert.equal(headers["Authorization"], "Basic cdg2");
-          };
-          oa.setAuthMethod("Basic");
-          oa.get("", "cdg2");
+      'When we do not use the authorization header': {
+        'and call get': {
+          'we should pass NOT provide an authorization header and the access_token should be being passed to _request' : function(oa) {
+            oa._request= function(method, url, headers, post_body, access_token, callback) {
+              assert.isUndefined(headers["Authorization"]);
+              assert.equal( access_token, "abcd5" );
+            };
+            oa.useAuthorizationHeaderforGET(false);
+            oa.get("", "abcd5");
+          }
         }
       }
     },