fix: resolve ApiToken reserved header exception (#146)

ApiToken credentials now handled via BuildHeaders method instead of
modifying DefaultHeaders, preventing reserved header validation error.

- Extract auth token retrieval to GetAuthenticationTokenAsync()
- Add comprehensive ApiClient tests
- Add regression test for issue #146

Author: daniel-jonathan

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 ## [Unreleased](https://github.com/openfga/dotnet-sdk/compare/v0.8.0...HEAD)
 
+### Fixed
+- fix: ApiToken credentials no longer cause reserved header exception (#146)
+
 ## v0.8.0
 
 ### [0.8.0](https://github.com/openfga/dotnet-sdk/compare/v0.7.0...v0.8.0) (2025-10-22)

src/OpenFga.Sdk.Test/Api/OpenFgaApiTests.cs

@@ -184,6 +184,28 @@ public async Task ApiTokenSentInHeader() {
             );
         }
 
+        /// <summary>
+        /// Test that ApiToken credentials do not cause reserved header exception
+        /// </summary>
+        [Fact]
+        public void ApiTokenDoesNotSetReservedHeaderInDefaultHeaders() {
+            var config = new Configuration.Configuration() {
+                ApiHost = _host,
+                Credentials = new Credentials() {
+                    Method = CredentialsMethod.ApiToken,
+                    Config = new CredentialsConfig() {
+                        ApiToken = "some-token"
+                    }
+                }
+            };
+
+            // This should not throw an exception about reserved headers
+            config.EnsureValid();
+
+            // Verify that Authorization is NOT in DefaultHeaders
+            Assert.DoesNotContain("Authorization", config.DefaultHeaders.Keys);
+        }
+
         /// <summary>
         /// Test that providing no client id, secret, api token issuer or api audience when they are required should error
         /// </summary>