diff --git a/provider/oauth2/backends.py b/provider/oauth2/backends.py
index db0fb853..491da6fb 100644
--- a/provider/oauth2/backends.py
+++ b/provider/oauth2/backends.py
@@ -53,7 +53,7 @@ def authenticate(self, request=None):
         if request is None:
             return None
-        form = ClientAuthForm(request.REQUEST)
+        form = ClientAuthForm(request.POST)
         if form.is_valid():
             return form.cleaned_data.get('client')
@@ -74,7 +74,7 @@ def authenticate(self, request=None):
         if request is None:
             return None
-        form = PublicPasswordGrantForm(request.REQUEST)
+        form = PublicPasswordGrantForm(request.POST)
         if form.is_valid():
             return form.cleaned_data.get('client')
diff --git a/provider/oauth2/views.py b/provider/oauth2/views.py
index 048a4f63..b0d7470f 100644
--- a/provider/oauth2/views.py
+++ b/provider/oauth2/views.py
@@ -101,6 +101,12 @@ def get_access_token(self, request, user, scope, client):
             # None found... make a new one!
             at = self.create_access_token(request, user, scope, client)
             self.create_refresh_token(request, user, scope, at, client)
+        except AccessToken.MultipleObjectsReturned:
+            # Simultaneously created tokens must be destroyeds
+            at = AccessToken.objects.filter(user=user, client=client,
+                scope=scope, expires__gt=now()).latest("pk")
+            AccessToken.objects.filter(user=user, client=client,
+                scope=scope, expires__gt=now()).exclude(pk=at.pk).delete()
         return at
     def create_access_token(self, request, user, scope, client):
diff --git a/provider/views.py b/provider/views.py
index dd1200df..41e0df95 100644
--- a/provider/views.py
+++ b/provider/views.py
@@ -298,7 +298,7 @@ def error_response(self, error, mimetype='application/json', status=400,
         Return an error response to the client with default status code of *400* stating the error as outlined in :rfc:`5.2`.
         """
-        return HttpResponse(json.dumps(error), mimetype=mimetype,
+        return HttpResponse(json.dumps(error), content_type=mimetype,
                             status=status, **kwargs)
     def get(self, request):
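Review bot: The switch to `request.POST` in both `authenticate` methods (this hunk and the one at -74) should carry a comment saying why the query string is no longer consulted, or a later maintainer may restore the broader lookup for convenience. `request.REQUEST` merged GET and POST, so a client secret or a resource-owner password could arrive in the URL and land in server, proxy and browser-history logs; RFC 6749 §2.3.1 and §3.2 require the token endpoint to use POST and advise against credentials in the request URI. Above each form construction I would add `# Credentials are read from the POST body only (RFC 6749 §2.3.1/§3.2), never from the query string.` Both `authenticate` methods begin and end outside their hunks, so whether a failed form surfaces any diagnostic is not visible here.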
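Review bot: In the new `except AccessToken.MultipleObjectsReturned` branch the same `filter(...)` is spelled out twice with a separate `now()` call each time, so the lookup and the delete can use different expiry cutoffs and diverge on which tokens count as live; building the queryset once removes that and fixes the comment typo "destroyeds". Note that the branch runs on the read path, so every request that trips the duplicate deletes tokens that concurrent callers may already have handed to their clients, and — if the refresh token model references the access token through a cascading foreign key, which `create_refresh_token(request, user, scope, at, client)` suggests but the hunk does not show — their refresh tokens go with them; a uniqueness constraint or row lock around the creation path is the durable fix, but that lies outside this hunk. The enclosing `try` and the rest of `get_access_token` are outside the hunk, so I cannot confirm the `.get()` that raises uses the same filter as the recovery below.
```python
        except AccessToken.MultipleObjectsReturned:
            # Concurrent requests created several live tokens; keep the
            # newest so the lookup above succeeds next time. Deleting the
            # rest also revokes them for any caller that already got one.
            live = AccessToken.objects.filter(user=user, client=client,
                                              scope=scope, expires__gt=now())
            at = live.latest("pk")
            live.exclude(pk=at.pk).delete()
        return at
```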
@@ -463,7 +463,7 @@ def error_response(self, error, mimetype='application/json', status=400,
         Return an error response to the client with default status code of *400* stating the error as outlined in :rfc:`5.2`.
         """
-        return HttpResponse(json.dumps(error), mimetype=mimetype,
+        return HttpResponse(json.dumps(error), content_type=mimetype,
                             status=status, **kwargs)
     def access_token_response(self, access_token):
@@ -488,7 +488,7 @@ def access_token_response(self, access_token):
             pass
         return HttpResponse(
-            json.dumps(response_data), mimetype='application/json'
+            json.dumps(response_data), content_type='application/json'
         )
     def authorization_code(self, request, data, client):
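Review bot: The rebuilt `HttpResponse` in the -488 hunk carries the serialized access token but sets only the content type; RFC 6749 §5.1 requires `Cache-Control: no-store` (and `Pragma: no-cache`) on any response containing tokens, and nothing in this hunk or the visible context adds them, so an intermediary cache or browser may retain the token. I would bind the response first and set `response['Cache-Control'] = 'no-store'` and `response['Pragma'] = 'no-cache'` before returning it; the `error_response` bodies at -298 and -463 would benefit from the same headers, since those payloads can describe credential failures. `access_token_response` begins outside the hunk, so the `try`/`except` that the visible `pass` belongs to cannot be reviewed here.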