The type of token isn't what at's issue here, it's the method of obtaining one. OAuth 2.0 doesn't make a distinction between bearer and HMAC tokens during the authori[s]ation phase, which is what this article and discussion is about.
By the by, bearer tokens over SSL are not a great option given the lax enforcement of SSL policy by many actors in the domain. HMAC tokens provide a much higher level of security (and, contrary to your implication, are specified alongside bearer tokens with the OAuth 2.0 specification).
By the by, bearer tokens over SSL are not a great option given the lax enforcement of SSL policy by many actors in the domain. HMAC tokens provide a much higher level of security (and, contrary to your implication, are specified alongside bearer tokens with the OAuth 2.0 specification).