Fix #340 - only bar access_token as header

[jason-fox]

Proposed changes

Untested change, but this should allow the authzforce location to be queried using

curl -X GET \ 
  'http://keyrock/user?access_token={{access_token}}&app_id={{app_id}}&authzforce=true'

As was possible prior to Keyrock 8.4.0

Types of changes

What types of changes does your code introduce to the project: Put an x in the boxes that apply

• [x] Bugfix (non-breaking change which fixes an issue)
• [ ] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

• [x] I have read the CONTRIBUTING doc
• [x] I have signed the CLA
• [ ] I have added tests that prove my fix is effective or that my feature works
• [ ] I have added necessary documentation (if appropriate)
• [ ] Any dependent changes have been merged and published in downstream modules

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

[github-actions[bot]]

CLA Assistant Lite bot All contributors have signed the CLA ✍️