songkick / oauth2-provider

Simple OAuth 2.0 provider toolkit
MIT License

Updated Authorization header token lookup to allow the "Bearer" prefix #20

Closed jayzes closed 11 years ago

jayzes commented 12 years ago

From what I can tell, the current standard is to use the "Bearer" keyword in the Authorization header, instead of "OAuth" as this gem currently has it implemented. I changed it to support the newer keyword, but kept compatibility with the OAuth prefix for those relying on that behavior. Specs included as well.

jcoglan commented 12 years ago

This gem implements draft 10, and I'm not planning on implementing updates until the spec is finalized, unless there is a compelling security argument. There are just too many drafts to make implementing all the intervening updates worthwhile.

If/when the spec is finalized, we will consider updating this project to the final spec, at which point I will merge this in. I just don't want a codebase that's a mix of various draft details in the meantime.

lite72 commented 12 years ago

I'd like to clarify this a little bit more. Does the current standard require either Bearer or OAuth to be used as a prefix? The current code requires either of these.

jcoglan commented 12 years ago

The draft we support only allows OAuth as the Authorization header prefix, per http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.1.1.

jcoglan commented 11 years ago

Closing since we won't change this unless the spec is finalized.
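
For readers following the thread, an added example (not code from oauth2-provider or from this pull request) of an Authorization header lookup that accepts the "Bearer" prefix while optionally keeping the draft-10 "OAuth" prefix. The module name, the `allow_legacy` option and the sample headers are assumptions; the token character set is the `b64token` grammar from RFC 6750, applied here to both prefixes.

```ruby
# Added illustration; AuthHeaderToken and allow_legacy are hypothetical names.
module AuthHeaderToken
  CURRENT_SCHEMES = %w[bearer].freeze # finalized bearer-token usage
  LEGACY_SCHEMES  = %w[oauth].freeze  # draft 10, section 5.1.1

  # scheme, one or more spaces, then a b64token. \A and \z anchor the whole
  # string; ^ and $ would match per line in Ruby and let a header containing
  # an embedded newline pass validation.
  HEADER_PATTERN = %r{\A([A-Za-z]+) +([A-Za-z0-9\-._~+/]+=*)\z}

  Result = Struct.new(:scheme, :token)

  # Returns a Result, or nil when the header is absent, malformed, or uses a
  # scheme that is not accepted. Scheme names are compared case-insensitively,
  # as HTTP authentication schemes are.
  def self.extract(header, allow_legacy: true)
    return nil unless header.is_a?(String)

    match = HEADER_PATTERN.match(header.strip)
    return nil unless match

    scheme  = match[1].downcase
    allowed = CURRENT_SCHEMES + (allow_legacy ? LEGACY_SCHEMES : [])
    return nil unless allowed.include?(scheme)

    Result.new(scheme, match[2])
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample headers, not taken from the project's specs.
  ["Bearer sample-token-123", "OAuth sample-token-123",
   "Basic dXNlcjpwYXNz", "Bearer a\nBearer b"].each do |header|
    result = AuthHeaderToken.extract(header)
    puts "#{header.inspect} => #{result ? result.to_a.inspect : 'rejected'}"
  end
end
```

Passing `allow_legacy: false` gives a strict mode that rejects the draft-10 prefix, which keeps the compatibility path an explicit choice rather than a permanent default.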