Although this is almost 4 years after the fact (now using and answering for MW 1.43+), I believe the answer would lie in having to modify the \MediaWiki\Auth\AuthManager.php config by adding an authentication provider class you create that implements \MediaWiki\Auth\AbstractPrimaryAuthenticationProvider and add it to your AuthManager's Config's primaryauth array (you can then change the sort value to prioritize your Token-based PrimAuthProvider above others), check out the LocalPasswordPrimaryAuthenticationProvider for reference.

Attempting this wouldn't be trivial, but does seem at least possible to do, as you'd have to make your own authentication provider and then implement that into AuthManager (via its config) to make sure it gets used in the Authentication process. For example, you can see all of the files that call beginAuthentication here and you can follow the source code from there to delve deeper into the authentication process.