private AuthorizationRequest passwordToken(AccessTokenRequest accessTokenRequest) { // Authenticate the resource owner AuthenticatedPrincipal principal = resourceOwnerAuthenticator.authenticate( accessTokenRequest.getUsername(), accessTokenRequest.getPassword()); if (principal == null) { throw new ValidationResponseException(ValidationResponse.INVALID_GRANT_PASSWORD); } AuthorizationRequest request = new AuthorizationRequest(); request.setClient(accessTokenRequest.getClient()); request.setPrincipal(principal); request.setGrantedScopes(accessTokenRequest.getScopeList()); return request; }