From 7cc5cb20afe92eca929d1cafbfccef02069e5228 Mon Sep 17 00:00:00 2001
From: Nick Wallace
Date: Mon, 14 May 2018 13:35:33 -0500
Subject: [PATCH] Edited access to check form value instead of get param
---
 access.go | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/access.go b/access.go
index 152db9c..36b38a5 100644
--- a/access.go
+++ b/access.go
@@ -159,9 +159,9 @@ func (s *Server) handleAuthorizationCodeRequest(w *Response, r *http.Request) *A
 // generate access token
 ret := &AccessRequest{
 Type: AUTHORIZATION_CODE,
- Code: r.Form.Get("code"),
- CodeVerifier: r.Form.Get("code_verifier"),
- RedirectUri: r.Form.Get("redirect_uri"),
+ Code: r.FormValue("code"),
+ CodeVerifier: r.FormValue("code_verifier"),
+ RedirectUri: r.FormValue("redirect_uri"),
 GenerateRefresh: true,
 Expiration: s.Config.AccessExpiration,
 HttpRequest: r,
@@ -291,8 +291,8 @@ func (s *Server) handleRefreshTokenRequest(w *Response, r *http.Request) *Access
 // generate access token
 ret := &AccessRequest{
 Type: REFRESH_TOKEN,
- Code: r.Form.Get("refresh_token"),
- Scope: r.Form.Get("scope"),
+ Code: r.FormValue("refresh_token"),
+ Scope: r.FormValue("scope"),
 GenerateRefresh: true,
 Expiration: s.Config.AccessExpiration,
 HttpRequest: r,
@@ -362,9 +362,9 @@ func (s *Server) handlePasswordRequest(w *Response, r *http.Request) *AccessRequ
 // generate access token
 ret := &AccessRequest{
 Type: PASSWORD,
- Username: r.Form.Get("username"),
- Password: r.Form.Get("password"),
- Scope: r.Form.Get("scope"),
+ Username: r.FormValue("username"),
+ Password: r.FormValue("password"),
+ Scope: r.FormValue("scope"),
 GenerateRefresh: true,
 Expiration: s.Config.AccessExpiration,
 HttpRequest: r,
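Review bot: `r.FormValue` does not limit these fields to the request body: it reads the same merged `r.Form` map that `r.Form.Get` did, so `code`, `code_verifier` and `redirect_uri` in handleAuthorizationCodeRequest are still accepted from the URL query string, with body values only taking precedence when both are present. If the aim in the subject line is to stop honouring query parameters, the body-only accessor is needed, e.g. `Code: r.PostFormValue("code"),`. The same applies to `refresh_token` in handleRefreshTokenRequest, `username`/`password` in handlePasswordRequest and `assertion` in handleAssertionRequest, where a secret carried in the URL tends to end up in access and proxy logs. Body-only reads would also stop GET token requests from working, so this has to be reconciled with however the server decides which methods are allowed, which is not visible here; each struct literal sits in a handler whose body continues outside its hunk.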
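Review bot: In handlePasswordRequest, and in every other handler this patch touches, `r.FormValue` adds an implicit parse: when `r.Form` is nil it calls `ParseMultipartForm` with the 32 MB default memory limit and discards any error. With `r.Form.Get` a request whose form had not been parsed yielded empty strings, whereas now a partly parsed body can supply `username`, `password` and `scope` with no error surfaced. I would parse once at the entry point and check the result, `if err := r.ParseForm(); err != nil { /* reject the request */ }`, after wrapping `r.Body` in `http.MaxBytesReader` so an unauthenticated caller cannot make the token endpoint buffer a large body. Whether the caller already does this is not visible in the hunk.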
@@ -397,7 +397,7 @@ func (s *Server) handleClientCredentialsRequest(w *Response, r *http.Request) *A
 // generate access token
 ret := &AccessRequest{
 Type: CLIENT_CREDENTIALS,
- Scope: r.Form.Get("scope"),
+ Scope: r.FormValue("scope"),
 GenerateRefresh: false,
 Expiration: s.Config.AccessExpiration,
 HttpRequest: r,
@@ -424,9 +424,9 @@ func (s *Server) handleAssertionRequest(w *Response, r *http.Request) *AccessReq
 // generate access token
 ret := &AccessRequest{
 Type: ASSERTION,
- Scope: r.Form.Get("scope"),
- AssertionType: r.Form.Get("assertion_type"),
- Assertion: r.Form.Get("assertion"),
+ Scope: r.FormValue("scope"),
+ AssertionType: r.FormValue("assertion_type"),
+ Assertion: r.FormValue("assertion"),
 GenerateRefresh: false, // assertion should NOT generate a refresh token, per the RFC
 Expiration: s.Config.AccessExpiration,
 HttpRequest: r,
@@ -454,7 +454,7 @@ func (s *Server) FinishAccessRequest(w *Response, r *http.Request, ar *AccessReq
 if w.IsError {
 return
 }
- redirectUri := r.Form.Get("redirect_uri")
+ redirectUri := r.FormValue("redirect_uri")
 // Get redirect uri from AccessRequest if it's there (e.g., refresh token request)
 if ar.RedirectUri != "" {
 redirectUri = ar.RedirectUri
@@ -559,4 +559,4 @@ func (s Server) setErrorAndLog(w *Response, responseError string, internalError
 w.SetError(responseError, "")
 s.Logger.Printf(format, append([]interface{}{responseError, internalError}, debugArgs...)...)
-}
\ No newline at end of file
+}
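Review bot: In FinishAccessRequest the `redirect_uri` fallback is read from the raw request a second time rather than from the `AccessRequest` the handlers already populated, and nothing in the visible lines checks it against the client's registered URI. A short comment would make the precedence and trust level explicit, e.g. `// fallback only: client-supplied value, used when ar.RedirectUri is empty`. If code further down stores or compares this value, it may be safer to drop the fallback and rely on `ar.RedirectUri` alone. The function body continues outside the hunk, so that is for the author to confirm.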