Should clients get OAuth 2 access tokens using GET or POST?

The most common argument is that you should not put sensitive information in a query string (GET parameter), because web servers typically log the full request URL. POST bodies can be arbitrarily long, so they are not usually logged. Therefore, when you’re dealing with something like client_secret or code (even though the code is single-use), it makes sense to pass it in the POST payload.

IMHO, if you’re using an OAuth 2.0 flow that doesn’t require client_secrets (or you put that in the HTTP Authorization header, as recommended), I don’t see an issue with allowing GET.
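The logging argument above can be made concrete. The following added example (not part of the original post) builds an authorization_code token request three ways and runs the result through a simulated Common Log Format access log line, which records the request line (method, path and query) but not headers or body. The endpoint, client credentials and authorization code are constructed placeholders; the log format is an assumption about a typical web server. For reference, RFC 6749 section 3.2 requires the token endpoint to use POST.

```python
import base64
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values, not real infrastructure.
TOKEN_ENDPOINT = "https://auth.example.test/oauth2/token"
REDIRECT_URI = "https://app.example.test/cb"


def build_token_request(code, client_id, client_secret, method="POST", secret_in_header=True):
    """Build an authorization_code grant as (method, url, headers, body).

    secret_in_header=True puts client credentials in an HTTP Basic
    Authorization header; otherwise they travel as request parameters.
    """
    params = {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI}
    headers = {}
    if secret_in_header:
        creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        headers["Authorization"] = f"Basic {creds}"
    else:
        params.update(client_id=client_id, client_secret=client_secret)
    if method == "GET":
        # Everything, including the one-time code, ends up in the URL.
        return "GET", f"{TOKEN_ENDPOINT}?{urlencode(params)}", headers, ""
    headers["Content-Type"] = "application/x-www-form-urlencoded"
    return "POST", TOKEN_ENDPOINT, headers, urlencode(params)


def access_log_line(method, url, status=200):
    """Simulate a Common Log Format entry: only the request line is recorded."""
    parts = urlsplit(url)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    return f'10.0.0.5 - - [01/Jan/2024:00:00:00 +0000] "{method} {target} HTTP/1.1" {status} 512'


def leaked_params(log_line, sensitive=("code", "client_secret")):
    """Return the sensitive parameter names recoverable from a logged request line."""
    request_target = log_line.split('"')[1].split(" ")[1]
    return sorted(k for k in parse_qs(urlsplit(request_target).query) if k in sensitive)


def leak_for(method, secret_in_header):
    """Convenience: which secrets a log reader would see for a given request style."""
    m, url, _headers, _body = build_token_request(
        "AUTHCODE-PLACEHOLDER", "client-placeholder", "secret-placeholder", method, secret_in_header
    )
    return leaked_params(access_log_line(m, url))


if __name__ == "__main__":
    for method, in_header in (("GET", False), ("GET", True), ("POST", False)):
        print(method, "secret in header" if in_header else "secret in params", "->", leak_for(method, in_header))
```

Only the POST variants keep both values out of the access log; moving the secret to the Authorization header still leaves the authorization code exposed when GET is used.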
