Update OAuth Token operations to new APIs (#2116)

* Update OAuth Token operations to new APIs

Per ['Deprecating OAuth Application API'](https://developer.github.com/changes/2020-02-14-deprecating-oauth-app-endpoint/)
the HTTP API endpoints called by CheckApplicationAuthentication,
ResetApplicationAuthentication and RevokeApplicationAuthentication are
being deprecated.

This PR updates those APIs to call the new HTTP API endpoints as
documented at the above link.

* Details

Amend CheckApplicationAuthentication, ResetApplicationAuthentication and
RevokeApplicationAuthentication to create an object containing the OAuth
access token and to call the single arg version of
ApiUrls.ApplicationAuthorization. The object is used as the request
body.

Amend CheckApplicationAuthentication to use POST.

Amend ResetApplicationAuthentication to use PATCH.

Remove the two arg version of ApiUrls.ApplicationAuthorization as it is
no longer called. Amend the single arg version to use the new API path.

Amend unit tests to account for the above changes.

* Update unit tests to check request payload

Add a check to the unit tests to verify that the request payload
contains an access_token field with the expected value.

Octokit.Tests/Clients/AuthorizationsClientTests.cs

@@ -290,9 +290,9 @@ public async Task ChecksApplicationAuthenticateAtCorrectUrl()
 
                 authEndpoint.CheckApplicationAuthentication("clientId", "accessToken");
 
-                client.Received().Get<ApplicationAuthorization>(
-                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/tokens/accessToken"),
-                    null);
+                client.Received().Post<ApplicationAuthorization>(
+                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/token"),
+                    Arg.Is<Object>(o => o.GetType().GetProperty("access_token").GetValue(o).ToString() == "accessToken"));
             }
 
             [Fact]
@@ -318,9 +318,9 @@ public async Task ResetsApplicationAuthenticationAtCorrectUrl()
 
                 authEndpoint.ResetApplicationAuthentication("clientId", "accessToken");
 
-                client.Received().Post<ApplicationAuthorization>(
-                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/tokens/accessToken"),
-                    Args.Object);
+                client.Received().Patch<ApplicationAuthorization>(
+                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/token"),
+                    Arg.Is<Object>(o => o.GetType().GetProperty("access_token").GetValue(o).ToString() == "accessToken"));
             }
 
             [Fact]
@@ -347,7 +347,8 @@ public async Task RevokesApplicationAuthenticationAtCorrectUrl()
                 authEndpoint.RevokeApplicationAuthentication("clientId", "accessToken");
 
                 client.Received().Delete(
-                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/tokens/accessToken"));
+                    Arg.Is<Uri>(u => u.ToString() == "applications/clientId/token"),
+                    Arg.Is<Object>(o => o.GetType().GetProperty("access_token").GetValue(o).ToString() == "accessToken"));
             }
 
             [Fact]

Octokit/Clients/AuthorizationsClient.cs

@@ -341,8 +341,13 @@ public Task<ApplicationAuthorization> CheckApplicationAuthentication(string clie
             Ensure.ArgumentNotNullOrEmptyString(clientId, nameof(clientId));
             Ensure.ArgumentNotNullOrEmptyString(accessToken, nameof(accessToken));
 
-            var endpoint = ApiUrls.ApplicationAuthorization(clientId, accessToken);
-            return ApiConnection.Get<ApplicationAuthorization>(endpoint, null);
+            var requestData = new
+            {
+                access_token = accessToken
+            };
+
+            var endpoint = ApiUrls.ApplicationAuthorization(clientId);
+            return ApiConnection.Post<ApplicationAuthorization>(endpoint, requestData);
         }
 
         /// <summary>
@@ -360,9 +365,13 @@ public Task<ApplicationAuthorization> ResetApplicationAuthentication(string clie
             Ensure.ArgumentNotNullOrEmptyString(clientId, nameof(clientId));
             Ensure.ArgumentNotNullOrEmptyString(accessToken, nameof(accessToken));
 
-            var requestData = new { };
+            var requestData = new
+            {
+                access_token = accessToken
+            };
 
-            return ApiConnection.Post<ApplicationAuthorization>(ApiUrls.ApplicationAuthorization(clientId, accessToken), requestData);
+            var endpoint = ApiUrls.ApplicationAuthorization(clientId);
+            return ApiConnection.Patch<ApplicationAuthorization>(endpoint, requestData);
         }
 
         /// <summary>
@@ -380,8 +389,13 @@ public Task RevokeApplicationAuthentication(string clientId, string accessToken)
             Ensure.ArgumentNotNullOrEmptyString(clientId, nameof(clientId));
             Ensure.ArgumentNotNullOrEmptyString(accessToken, nameof(accessToken));
 
-            return ApiConnection.Delete(
-                ApiUrls.ApplicationAuthorization(clientId, accessToken));
+            var requestData = new
+            {
+                access_token = accessToken
+            };
+
+            var endpoint = ApiUrls.ApplicationAuthorization(clientId);
+            return ApiConnection.Delete(endpoint, requestData);
         }
 
         /// <summary>

Octokit/Helpers/ApiUrls.Authorizations.cs

@@ -36,12 +36,7 @@ public static Uri AuthorizationsForClient(string clientId)
 
         public static Uri ApplicationAuthorization(string clientId)
         {
-            return "applications/{0}/tokens".FormatUri(clientId);
-        }
-
-        public static Uri ApplicationAuthorization(string clientId, string accessToken)
-        {
-            return "applications/{0}/tokens/{1}".FormatUri(clientId, accessToken);
+            return "applications/{0}/token".FormatUri(clientId);
         }
     }
 }