Okta compatibility updates

[Deconstrained]

Inconsistencies have been discovered between Okta's API and the OAuth2 implementation in this library that affect its ability to successfully get all the way through the authorization flow.

These issues, which are addressed in this change set, are as follows:

• The client credentials are included in both the body (params) and in the basic authorization header; Okta will issue a 403 in response to this.
• Okta's response containing the access token is JSON-encoded, and since oauth2 does not by default support the JSON mimetype, the JSON string containing the token is treated as the token itself, which results in a 401 when making the final request to authenticate the user back to Okta.

[Deconstrained]

Heya, thanks for approving and sorry for the late response (same, re: notification)

No concern of backwards compatibility; Okta's OAuth2 API doesn't have any sort of versioning.

Tip of the hat to @Jonathan-Arias for helping me figure this one out