# File lib/oauth2/strategy/password.rb, line 13
      def get_access_token(username, password, options={})
        response = @client.request(:post, @client.access_token_url, access_token_params(username, password, options))

        params   = MultiJson.decode(response) rescue nil
        # the ActiveSupport JSON parser won't cause an exception when
        # given a formencoded string, so make sure that it was
        # actually parsed in an Hash. This covers even the case where
        # it caused an exception since it'll still be nil.
        params   = Rack::Utils.parse_query(response) unless params.is_a? Hash

        access   = params.delete('access_token')
        refresh  = params.delete('refresh_token')
        expires_in = params.delete('expires_in')
        OAuth2::AccessToken.new(@client, access, refresh, expires_in, params)
      end