It's probably not a "best practice", but I had a need to support a client sending an OAUTH token via a query string instead of in the request header.

The restify-oauth2 module needs the token to be in an `authorization` header of the request.

I was able to utilize `server.pre` to set the header accordingly if `token=` is detected in the query string.

server.pre(function(req, res, next) {
  var matches = req.url.match(/token=([^&]*)/);
  if (matches && matches[1]) {
    debug('token', matches[1]);
    req.headers.authorization = 'Bearer ' + matches[1];
  }
  return next();
});