In my experience it will depend on whether or not you are using a controller. If you are using a controller, then you can set your switch port to do dot1x and everything will work as expected due to GRE tunneling. If you are using IAPs, then you have not choice but to configure the port as a trunk,
When I was testing doing dot1x with IAPs, the APs could get IPs, and the clients connected to the AP would auth, but no IP was never obtained due to how the work was configured.
I could definitely be wrong, this is just my experience.