Authorization Server hosts now instantiate their own AccessTokens rather than just parameters.

AccessTokens are now serialized via a virtual method on that instance.
Fixes #38, I think.

1 files changed, 2 insertions, 1 deletions

diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
index 992e93c..54d86ff 100644
--- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
+++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/StandardAccessTokenAnalyzer.cs
@@ -50,7 +50,8 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// <exception cref="ProtocolException">Thrown if the access token is expired, invalid, or from an untrusted authorization server.</exception>
 		public virtual AccessToken DeserializeAccessToken(IDirectedProtocolMessage message, string accessToken) {
 			var accessTokenFormatter = AccessToken.CreateFormatter(this.AuthorizationServerPublicSigningKey, this.ResourceServerPrivateEncryptionKey);
-			var token = accessTokenFormatter.Deserialize(message, accessToken, Protocol.access_token);
+			var token = new AccessToken();
+			accessTokenFormatter.Deserialize(token, message, accessToken, Protocol.access_token);
 			return token;
 		}
 	}