Support Authorization header passed as ENV var

Some hosts (at this point I only know of Fortrabbit) require Authorization headers to be passed as an environment variable, which PHP will then shove into . See more: http://fortrabbit.com/docs/essentials/quirks-and-constraints\#authorization-header

src/League/OAuth2/Server/Resource.php

@@ -185,7 +185,7 @@ public function isValid($headersOnly = false)
 
         $result = $this->storages['session']->validateAccessToken($accessToken);
 
-        if ( ! $result) {
+        if (! $result) {
             throw new Exception\InvalidAccessTokenException('Access token is not valid');
         }
 
@@ -227,7 +227,7 @@ public function hasScope($scopes)
             return false;
         } elseif (is_array($scopes)) {
             foreach ($scopes as $scope) {
-                if ( ! in_array($scope, $this->sessionScopes)) {
+                if (! in_array($scope, $this->sessionScopes)) {
                     return false;
                 }
             }
@@ -246,7 +246,15 @@ public function hasScope($scopes)
      */
     public function determineAccessToken($headersOnly = false)
     {
-        if ($header = $this->getRequest()->header('Authorization')) {
+        // Try to get it directly from a header
+        if (! $header = $this->getRequest()->header('Authorization')) {
+
+            // Failing that try getting it from a server variable
+            $header = $this->getRequest()->server('HTTP_AUTHORIZATION');
+        }
+
+        // One of them worked
+        if ($header) {
             // Check for special case, because cURL sometimes does an
             // internal second request and doubles the authorization header,
             // which always resulted in an error.
@@ -271,5 +279,4 @@ public function determineAccessToken($headersOnly = false)
 
         return $accessToken;
     }
-
 }