authStyleCache keys are not granular enough #654

Closed
@mateuszmidor

Description

The internal "authStyleCache" in golang.org/x/oauth2/internal/token.go is keyed with tokenURL.
This assumes that all applications under a given tokenURL will use the same authentication style.
This might not be the case.
Given that I have an account in Okta and configure 2 applications under "https://dev-12345678.okta.com", the first of which authenticates with ClientSecret and the second with client_assertion, the following scenario fails for me:

  1. The first client authenticates with ClientSecret, and authStyleCache stores AuthStyleInHeader for https://dev-12345678.okta.com.
  2. The second client authenticates with client_assertion; AuthStyleInHeader is read from the cache for https://dev-12345678.okta.com and BasicAuth is set in the header, but at the same time client_assertion is set in the request body.
  3. Okta responds with: oauth2: "invalid_request" "Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body."

I suppose the cache should be keyed with tokenURL+clientID; such a combination fixes the problem for me.
Here is what I'm talking about: mateuszmidor@dea60b7
What is your opinion?
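The following Go program is an added illustration of the cache-keying collision described in this issue; it is a constructed model, not the golang.org/x/oauth2 code or the linked commit. The type and function names, the two client IDs and the use of the Okta host from the issue as the tokenURL are assumptions made for the example.

```go
package main

import "fmt"

// AuthStyle mirrors the styles relevant to the issue (constructed, not the library's types).
type AuthStyle int

const (
	AuthStyleUnknown  AuthStyle = iota // not yet probed for this key
	AuthStyleInHeader                  // client_id/client_secret as HTTP Basic auth
	AuthStyleInParams                  // client_id/client_secret in the POST body
)

// cacheKey carries both fields; tokenURL-only mode simply leaves clientID empty.
type cacheKey struct{ tokenURL, clientID string }

type authStyleCache struct {
	perClient bool // false: key by tokenURL only (current behaviour); true: tokenURL+clientID
	m         map[cacheKey]AuthStyle
}

func (c *authStyleCache) key(tokenURL, clientID string) cacheKey {
	if c.perClient {
		return cacheKey{tokenURL, clientID}
	}
	return cacheKey{tokenURL: tokenURL}
}

// tokenRequestCredentials lists the credential carriers a token request would contain.
// A client_assertion always goes in the body; if the cache says AuthStyleInHeader for
// the key, Basic auth is added as well, which is the "multiple client credentials" case.
func tokenRequestCredentials(c *authStyleCache, tokenURL, clientID string, hasAssertion bool) []string {
	var carriers []string
	if hasAssertion {
		carriers = append(carriers, "client_assertion (body)")
	}
	switch c.m[c.key(tokenURL, clientID)] {
	case AuthStyleInHeader:
		carriers = append(carriers, "Basic auth (header)")
	case AuthStyleInParams:
		carriers = append(carriers, "client_secret (body)")
	default: // unknown style: a secret-based client probes header auth first and records it
		if !hasAssertion {
			carriers = append(carriers, "Basic auth (header)")
			c.m[c.key(tokenURL, clientID)] = AuthStyleInHeader
		}
	}
	return carriers
}

// runScenario replays the two-client sequence from the issue and returns the
// credential carriers present in the second (client_assertion) client's request.
func runScenario(perClient bool) []string {
	c := &authStyleCache{perClient: perClient, m: map[cacheKey]AuthStyle{}}
	const tokenURL = "https://dev-12345678.okta.com" // host from the issue, used as the cache key
	tokenRequestCredentials(c, tokenURL, "app-with-secret", false)
	return tokenRequestCredentials(c, tokenURL, "app-with-assertion", true)
}

func main() {
	fmt.Println("tokenURL key:         ", runScenario(false)) // two carriers: Okta rejects
	fmt.Println("tokenURL+clientID key:", runScenario(true))  // one carrier: accepted
}
```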
