authorAndrew Arnott <andrewarnott@gmail.com>2012-12-24 15:22:26 -0800
committerAndrew Arnott <andrewarnott@gmail.com>2012-12-24 15:22:26 -0800
commitedfa728182604ab7782a174ba3f6731f039df1b8 (patch)
treeac75f725208bcc81ee709c658870023426fc458c /src/DotNetOpenAuth.OAuth2.AuthorizationServer
parentdd44e2f0be06168911d3e8aefbe2f10eb4c8fd99 (diff)
CreateAccessToken reveals username to host
IAuthorizationServerHost.CreateAccessToken now has access to authoring usernames. Fixes #219
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.AuthorizationServer')
-rw-r--r--src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
index 3eac5a6..500b91d 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
@@ -122,15 +122,15 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
try {
var authorizeResult =
this.AuthorizationServer.CheckAuthorizeResourceOwnerCredentialGrant(
- resourceOwnerPasswordCarrier.UserName, resourceOwnerPasswordCarrier.Password, resourceOwnerPasswordCarrier);
+ resourceOwnerPasswordCarrier.RequestingUserName, resourceOwnerPasswordCarrier.Password, resourceOwnerPasswordCarrier);
if (authorizeResult.IsApproved) {
resourceOwnerPasswordCarrier.CredentialsValidated = true;
- resourceOwnerPasswordCarrier.UserName = authorizeResult.CanonicalUserName;
+ resourceOwnerPasswordCarrier.RequestingUserName = authorizeResult.CanonicalUserName;
resourceOwnerPasswordCarrier.Scope.ResetContents(authorizeResult.ApprovedScope);
} else {
Logger.OAuth.ErrorFormat(
"Resource owner password credential for user \"{0}\" rejected by authorization server host.",
- resourceOwnerPasswordCarrier.UserName);
+ resourceOwnerPasswordCarrier.RequestingUserName);
throw new TokenEndpointProtocolException(accessTokenRequest, Protocol.AccessTokenRequestErrorCodes.InvalidGrant, AuthServerStrings.InvalidResourceOwnerPasswordCredential);
}
} catch (NotSupportedException) {
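Review bot: The rejection branch formats `resourceOwnerPasswordCarrier.RequestingUserName` into the error log exactly as the client sent it, and on that path the value is still unauthenticated input. Embedded line breaks or an oversized name would land verbatim in the log, and users sometimes type a password into the username field, so the call should receive a copy with CR/LF and other control characters replaced and the length capped, with a comment such as `// RequestingUserName is raw client input on this path; neutralise it before logging`. In the approved branch the same property is overwritten with `authorizeResult.CanonicalUserName`, which deserves a one-line comment like `// from here on RequestingUserName is the host-canonicalised name, not what the client typed`. Whether the result type guarantees a non-empty canonical name is not visible here, and the enclosing method starts and ends outside the hunk.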