As per the Bearer spec (draft 8, section 2) - there are three ways for a client
to specify the bearer token, in order of preference: Authorization Header,
POST and GET.
NB: Resource servers MUST accept tokens via the Authorization scheme
(http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2).