mod_http_oauth2: Support HTTP Basic auth on token endpoint This is described in RFC 6749 section 2.3.1 and draft-ietf-oauth-v2-1-07 2.3.1 as the recommended way to transmit the client's credentials. The older spec even calls it the "client password", but the new spec clarifies that this is just another term for the client secret.

This module discards typing notifications sent to a bare host JID,
preventing error replies to be sent. These errors are harmless but can
be annoying sometimes if your client shows them prominently.