diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java
index a183ad34d..f4e81b0b0 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java
@@ -16,7 +16,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidScopeExcepti
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
-import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
 import org.springframework.stereotype.Component;
@@ -77,7 +76,7 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
 if (approvedScopes.containsAll(requestedScopes)) {
 // build an appropriate auth request to hand to the token services layer
- DefaultAuthorizationRequest outgoingAuthRequest = new DefaultAuthorizationRequest(authorizationRequest);
+ AuthorizationRequest outgoingAuthRequest = authorizationRequestManager.createFromExisting(authorizationRequest);
 outgoingAuthRequest.setApproved(true);
 if (requestedScopes.isEmpty()) {
 // if there are no scopes, inherit the original scopes from the token
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
index 163acae69..22c7eea8d 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
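Review bot: `outgoingAuthRequest.setApproved(true)` on the line after the changed one now operates on whatever `createFromExisting` returns, and nothing in this hunk shows that it is a detached copy rather than the `authorizationRequest` passed in; the removed `new DefaultAuthorizationRequest(authorizationRequest)` was a copy constructor. If the manager hands back the same instance, the approved flag and the scope adjustment that follows in this method would be written into the request attached to the incoming token's authentication instead of into a fresh outgoing request. The contract should be stated at the call site, e.g. `// createFromExisting must return a detached copy: this request is mutated below and must not alias the stored one`, and ConnectAuthorizationRequestManager.createFromExisting (not in this diff) should be checked for that. The field `authorizationRequestManager` and the rest of the enclosing method lie outside the hunk.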
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
@@ -103,10 +103,10 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
 scopes = clientScopes;
 }
-
- // note that we have to inject the processed parameters in at this point so that SECOAUTH can find them later (and this object will get copy-constructored away anyway)
- DefaultAuthorizationRequest request = new DefaultAuthorizationRequest(parameters, Collections. emptyMap(), clientId, scopes);
- request.addClientDetails(client);
+ ConnectAuthorizationRequest request = new ConnectAuthorizationRequest();
+ request.setApprovalParameters(parameters);
+ request.setClientId(clientId);
+ request.setScope(scopes);
 return request;
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
index 315c95e43..a56ae20f6 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
@@ -15,7 +15,6 @@
 ******************************************************************************/
 package org.mitre.openid.connect.token;
-import java.security.NoSuchAlgorithmException;
 import java.util.Date;
 import java.util.Set;
 import java.util.UUID;
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
index 34a3fe09e..f82b88cc7 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
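Review bot: `request.setApprovalParameters(parameters)` stores the incoming request parameters as the approval parameters, whereas the removed constructor call passed them as the first (authorization-parameters) argument and an empty map for approval parameters. TofuUserApprovalHandler in this same commit decides approval from `getApprovalParameters().get("user_oauth_approval")` and `get("remember")`, so unless the approval map is replaced later with what the user actually submitted on the approval form, parameters present on the initial authorization request could satisfy that check; this needs confirming against ConnectAuthorizationRequest, which is not in the diff, and if the class has a setter for authorization parameters that is the one this line should call. The removed `request.addClientDetails(client)` is not replaced either, so the resource ids, authorities and registered redirect URIs the old request carried from `client` are no longer set here unless ConnectAuthorizationRequest derives them from the client id on its own; `client` may now be unused in this method. The method's header is outside the hunk.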
@@ -30,7 +30,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
 import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
 import org.springframework.stereotype.Component;
@@ -138,11 +137,9 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
 ap.setAccessDate(new Date());
 approvedSiteService.save(ap);
- // TODO: WHY DAVE WHY
- DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
- ar.setApproved(true);
+ authorizationRequest.setApproved(true);
- return ar;
+ return authorizationRequest;
 }
 }
 }
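Review bot: `authorizationRequest.setApproved(true)` followed by `return authorizationRequest;` now mutates the request object the caller passed in instead of returning a detached copy, and the same pattern is repeated in the hunks at -153 and -191 (`setApproved`, `setScope(allowedScopes)`, `getApprovalParameters()`). If SECOAUTH holds this same instance across the authorize/approve round trip, as the existing comments about call order suggest, everything written here becomes the stored request — most importantly the user-submitted `allowedScopes`, which the TODO in the -191 hunk says may upscope; the loop that builds `allowedScopes` lies outside the hunk, so whether it is bounded by the client's registered scopes cannot be seen here. Before `authorizationRequest.setScope(allowedScopes)` the set should be intersected with the scopes the client is registered for (ClientDetailsService is already imported in this file), and the in-place mutation deserves a comment at the first `setApproved(true)` such as `// mutate the caller's request in place rather than copying it; SECOAUTH reads the approval state back from this same instance`. The enclosing method starts before this hunk and continues past it.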
@@ -153,24 +150,19 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
 //Create an approved site
 approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws);
- // TODO: WHY DAVE WHY
- DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
- ar.setApproved(true);
+ authorizationRequest.setApproved(true);
- return ar;
+ return authorizationRequest;
 }
 // This must be re-parsed here because SECOAUTH forces us to call things in a strange order
 boolean approved = Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval"));
 if (approved && !authorizationRequest.getApprovalParameters().isEmpty()) {
-
- // TODO: Get SECOAUTH to stop breaking polymorphism and start using real objects, SRSLY
- DefaultAuthorizationRequest ar = new DefaultAuthorizationRequest(authorizationRequest);
 // process scopes from user input
 Set allowedScopes = Sets.newHashSet();
- Map approvalParams = ar.getApprovalParameters();
+ Map approvalParams = authorizationRequest.getApprovalParameters();
 Set keys = approvalParams.keySet();
@@ -191,10 +183,10 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
 // inject the user-allowed scopes into the auth request
 // TODO: for the moment this allows both upscoping and downscoping.
- ar.setScope(allowedScopes);
+ authorizationRequest.setScope(allowedScopes);
 //Only store an ApprovedSite if the user has checked "remember this decision":
- String remember = ar.getApprovalParameters().get("remember");
+ String remember = authorizationRequest.getApprovalParameters().get("remember");
 if (!Strings.isNullOrEmpty(remember) && !remember.equals("none")) {
 Date timeout = null;
@@ -210,7 +202,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
 // TODO: should we set approved here? It gets called later via the isApproved method in this class...
- return ar;
+ return authorizationRequest;
 }
 return authorizationRequest;