The specs is here http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html#query-param . We may need to add support for 2.2 and 2.3 .
Not sure if it should be enabled by default or just on demand (There are some security implications for sending token in query param. See the specs). Maybe we can support authentication through token in query parameter just for HTTP Upgrade requests.