diff --git a/authorize.go b/authorize.go
index f5c67d1..982d000 100644
--- a/authorize.go
+++ b/authorize.go
@@ -107,7 +107,7 @@ func (s *Server) HandleAuthorizeRequest(w *Response, r *http.Request) *Authorize
 r.ParseForm()
 // create the authorization request
- unescapedUri, err := url.QueryUnescape(r.Form.Get("redirect_uri"))
+ unescapedUri, err := url.QueryUnescape(r.FormValue("redirect_uri"))
 if err != nil {
 w.SetErrorState(E_INVALID_REQUEST, "", "")
 w.InternalError = err
@@ -115,15 +115,15 @@ func (s *Server) HandleAuthorizeRequest(w *Response, r *http.Request) *Authorize
 }
 ret := &AuthorizeRequest{
- State: r.Form.Get("state"),
- Scope: r.Form.Get("scope"),
+ State: r.FormValue("state"),
+ Scope: r.FormValue("scope"),
 RedirectUri: unescapedUri,
 Authorized: false,
 HttpRequest: r,
 }
 // must have a valid client
- ret.Client, err = w.Storage.GetClient(r.Form.Get("client_id"))
+ ret.Client, err = w.Storage.GetClient(r.FormValue("client_id"))
 if err == ErrNotFound {
 w.SetErrorState(E_UNAUTHORIZED_CLIENT, "", ret.State)
 return nil
@@ -156,7 +156,7 @@ func (s *Server) HandleAuthorizeRequest(w *Response, r *http.Request) *Authorize
 w.SetRedirect(ret.RedirectUri)
- requestType := AuthorizeRequestType(r.Form.Get("response_type"))
+ requestType := AuthorizeRequestType(r.FormValue("response_type"))
 if s.Config.AllowedAuthorizeTypes.Exists(requestType) {
 switch requestType {
 case CODE:
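Review bot: In the first authorize.go hunk `redirect_uri` is still decoded twice: `r.FormValue` already returns the percent-decoded form value and `url.QueryUnescape` decodes it again, so the string stored in `ret.RedirectUri` and later handed to `w.SetRedirect` is not necessarily the one the client sent, and any comparison with a registered URI (presumably further down, not visible here) runs on the re-decoded form. Unless clients are known to double-encode, I would take the value as parsed, `unescapedUri := r.FormValue("redirect_uri")`, and give `err` its own declaration since it is reused for the client lookup. Separately, `r.ParseForm()` on the context line above discards its error and has already populated `r.Form`, so `FormValue` reads the same map `r.Form.Get` did and never reaches its own multipart parsing. HandleAuthorizeRequest starts and continues outside the hunk.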
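Review bot: Repeated parameters are silently accepted in the second authorize.go hunk: `r.FormValue` returns only the first value of `state`, `scope` and `client_id`, with body values ordered ahead of query values, so a request carrying two different `client_id` values is processed instead of rejected. RFC 6749 section 3.1 says request parameters must not be included more than once; a check such as `if len(r.Form["client_id"]) > 1 { w.SetErrorState(E_INVALID_REQUEST, "", ""); return nil }` before the `GetClient` lookup would close that gap. The same applies to `response_type` in the third hunk and to `code_challenge` and `code_challenge_method` in the PKCE hunk that follows. The enclosing function extends beyond each of these hunks.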
@@ -164,14 +164,14 @@ func (s *Server) HandleAuthorizeRequest(w *Response, r *http.Request) *Authorize
 ret.Expiration = s.Config.AuthorizationExpiration
 // Optional PKCE support (https://tools.ietf.org/html/rfc7636)
- if codeChallenge := r.Form.Get("code_challenge"); len(codeChallenge) == 0 {
+ if codeChallenge := r.FormValue("code_challenge"); len(codeChallenge) == 0 {
 if s.Config.RequirePKCEForPublicClients && CheckClientSecret(ret.Client, "") {
 // https://tools.ietf.org/html/rfc7636#section-4.4.1
 w.SetErrorState(E_INVALID_REQUEST, "code_challenge (rfc7636) required for public clients", ret.State)
 return nil
 }
 } else {
- codeChallengeMethod := r.Form.Get("code_challenge_method")
+ codeChallengeMethod := r.FormValue("code_challenge_method")
 // allowed values are "plain" (default) and "S256", per https://tools.ietf.org/html/rfc7636#section-4.3
 if len(codeChallengeMethod) == 0 {
 codeChallengeMethod = PKCE_PLAIN
diff --git a/example/complete/complete.go b/example/complete/complete.go
index fc88311..51f18f4 100644
--- a/example/complete/complete.go
+++ b/example/complete/complete.go
@@ -103,7 +103,7 @@ func main() {
 http.HandleFunc("/appauth/code", func(w http.ResponseWriter, r *http.Request) {
 r.ParseForm()
- code := r.Form.Get("code")
+ code := r.FormValue("code")
 w.Write([]byte(""))
 w.Write([]byte("APP AUTH - CODE
"))
@@ -121,7 +121,7 @@ func main() {
 url.QueryEscape("http://localhost:14000/appauth/code"), url.QueryEscape(code))
 // if parse, download and parse json
- if r.Form.Get("doparse") == "1" {
+ if r.FormValue("doparse") == "1" {
 err := example.DownloadAccessToken(fmt.Sprintf("http://localhost:14000%s", aurl), &osin.BasicAuth{"1234", "aabbccdd"}, jr)
 if err != nil {
@@ -318,7 +318,7 @@ func main() {
 w.Write([]byte("APP AUTH - REFRESH
"))
 defer w.Write([]byte(""))
- code := r.Form.Get("code")
+ code := r.FormValue("code")
 if code == "" {
 w.Write([]byte("Nothing to do"))
@@ -369,7 +369,7 @@ func main() {
 w.Write([]byte("APP AUTH - INFO
"))
 defer w.Write([]byte(""))
- code := r.Form.Get("code")
+ code := r.FormValue("code")
 if code == "" {
 w.Write([]byte("Nothing to do"))
diff --git a/example/goauth2client/goauth2client.go b/example/goauth2client/goauth2client.go
index b68cc29..1546240 100644
--- a/example/goauth2client/goauth2client.go
+++ b/example/goauth2client/goauth2client.go
@@ -86,7 +86,7 @@ func main() {
 http.HandleFunc("/appauth/code", func(w http.ResponseWriter, r *http.Request) {
 r.ParseForm()
- code := r.Form.Get("code")
+ code := r.FormValue("code")
 w.Write([]byte(""))
 w.Write([]byte("APP AUTH - CODE
"))
@@ -101,7 +101,7 @@ func main() {
 var err error
 // if parse, download and parse json
- if r.Form.Get("doparse") == "1" {
+ if r.FormValue("doparse") == "1" {
 jr, err = client.Exchange(oauth2.NoContext, code)
 if err != nil {
 jr = nil
diff --git a/example/helper.go b/example/helper.go
index f0bc3c2..f920dad 100644
--- a/example/helper.go
+++ b/example/helper.go
@@ -11,7 +11,7 @@ import (
 func HandleLoginPage(ar *osin.AuthorizeRequest, w http.ResponseWriter, r *http.Request) bool {
 r.ParseForm()
- if r.Method == "POST" && r.Form.Get("login") == "test" && r.Form.Get("password") == "test" {
+ if r.Method == "POST" && r.FormValue("login") == "test" && r.FormValue("password") == "test" {
 return true
 }
diff --git a/example/jwttoken/jwttoken.go b/example/jwttoken/jwttoken.go
index c2d36ee..9a1061e 100644
--- a/example/jwttoken/jwttoken.go
+++ b/example/jwttoken/jwttoken.go
@@ -122,7 +122,7 @@ func main() {
 http.HandleFunc("/appauth/code", func(w http.ResponseWriter, r *http.Request) {
 r.ParseForm()
- code := r.Form.Get("code")
+ code := r.FormValue("code")
 w.Write([]byte(""))
 w.Write([]byte("APP AUTH - CODE
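Review bot: `HandleLoginPage` in example/helper.go accepts `login` and `password` from the URL query as well as from the body, because `r.FormValue` reads the merged `r.Form`; credentials carried in a query string tend to end up in access logs and browser history even when the method is POST. Since the branch is already limited to POST, `r.PostFormValue("login") == "test" && r.PostFormValue("password") == "test"` would restrict it to body parameters. A comment such as `// demo-only credentials; replace with a real user check` would also help readers who copy this example. The function continues past the hunk.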
"))
@@ -140,7 +140,7 @@ func main() {
 url.QueryEscape("http://localhost:14000/appauth/code"), url.QueryEscape(code))
 // if parse, download and parse json
- if r.Form.Get("doparse") == "1" {
+ if r.FormValue("doparse") == "1" {
 err := example.DownloadAccessToken(fmt.Sprintf("http://localhost:14000%s", aurl), &osin.BasicAuth{"1234", "aabbccdd"}, jr)
 if err != nil {
diff --git a/example/simple/simple.go b/example/simple/simple.go
index 6b14843..411e9ed 100644
--- a/example/simple/simple.go
+++ b/example/simple/simple.go
@@ -73,7 +73,7 @@ func main() {
 http.HandleFunc("/appauth/code", func(w http.ResponseWriter, r *http.Request) {
 r.ParseForm()
- code := r.Form.Get("code")
+ code := r.FormValue("code")
 w.Write([]byte(""))
 w.Write([]byte("APP AUTH - CODE
"))
@@ -91,7 +91,7 @@ func main() {
 url.QueryEscape("http://localhost:14000/appauth/code"), url.QueryEscape(code))
 // if parse, download and parse json
- if r.Form.Get("doparse") == "1" {
+ if r.FormValue("doparse") == "1" {
 err := example.DownloadAccessToken(fmt.Sprintf("http://localhost:14000%s", aurl), &osin.BasicAuth{"1234", "aabbccdd"}, jr)
 if err != nil {
diff --git a/util.go b/util.go
index be1e988..a630998 100644
--- a/util.go
+++ b/util.go
@@ -71,7 +71,7 @@ func CheckBasicAuth(r *http.Request) (*BasicAuth, error) {
 // Return "Bearer" token from request. The header has precedence over query string.
 func CheckBearerAuth(r *http.Request) *BearerAuth {
 authHeader := r.Header.Get("Authorization")
- authForm := r.Form.Get("code")
+ authForm := r.FormValue("code")
 if authHeader == "" && authForm == "" {
 return nil
 }
@@ -98,8 +98,8 @@ func (s Server) getClientAuth(w *Response, r *http.Request, allowQueryParams boo
 // Allow for auth without password
 if _, hasSecret := r.Form["client_secret"]; hasSecret {
 auth := &BasicAuth{
- Username: r.Form.Get("client_id"),
- Password: r.Form.Get("client_secret"),
+ Username: r.FormValue("client_id"),
+ Password: r.FormValue("client_secret"),
 }
 if auth.Username != "" {
 return auth
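Review bot: `CheckBearerAuth` in util.go now parses the request as a side effect, and its doc comment does not say so: no `ParseForm` call is visible before `r.FormValue("code")`, and when `r.Form` is still nil `FormValue` calls `ParseMultipartForm` itself, reading the body and ignoring any parse error, whereas `r.Form.Get` on an unparsed request simply returned an empty string. I would add a line such as `// CheckBearerAuth parses the request form (query and body) if it has not been parsed yet.` The existing comment mentions the query string only, but `FormValue` also returns a `code` sent in the body, so "form value" would be the accurate wording. The function body continues outside the hunk.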
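Review bot: The presence test and the value reads in `getClientAuth` now use different accessors: `r.Form["client_secret"]` on the context line inspects the map directly, while `Username` and `Password` go through `r.FormValue`. If the request has not been parsed when this runs, `r.Form` is nil, the test is false and the branch is skipped, so the lazy parsing inside `FormValue` never gets a chance; the hunk does not show whether callers guarantee a prior `ParseForm`. I would either keep map access throughout or parse explicitly before the test and handle the error, for example `if err := r.ParseForm(); err != nil { return nil }` with whatever error state callers expect. The function starts and ends outside the hunk.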