According to the spec:
The client MUST use the HTTP "POST" method when making access token requests.
https://tools.ietf.org/html/rfc6749#section-3.2