1 files changed, 8 insertions, 2 deletions

diff --git a/oauthlib/oauth2/rfc6749/endpoints/token.py b/oauthlib/oauth2/rfc6749/endpoints/token.py
index 90fb16f..bc87e9b 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/token.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/token.py
@@ -62,6 +62,8 @@ class TokenEndpoint(BaseEndpoint):
     .. _`Appendix B`: https://tools.ietf.org/html/rfc6749#appendix-B
     """
 
+    valid_request_methods = ('POST',)
+
     def __init__(self, default_grant_type, default_token_type, grant_types):
         BaseEndpoint.__init__(self)
         self._grant_types = grant_types
@@ -85,13 +87,13 @@ class TokenEndpoint(BaseEndpoint):
         return self._default_token_type
 
     @catch_errors_and_unavailability
-    def create_token_response(self, uri, http_method='GET', body=None,
+    def create_token_response(self, uri, http_method='POST', body=None,
                               headers=None, credentials=None, grant_type_for_scope=None,
                               claims=None):
         """Extract grant_type and route to the designated handler."""
         request = Request(
             uri, http_method=http_method, body=body, headers=headers)
-
+        self.validate_token_request(request)
         # 'scope' is an allowed Token Request param in both the "Resource Owner Password Credentials Grant"
         # and "Client Credentials Grant" flows
         # https://tools.ietf.org/html/rfc6749#section-4.3.2
@@ -115,3 +117,7 @@ class TokenEndpoint(BaseEndpoint):
                   request.grant_type, grant_type_handler)
         return grant_type_handler.create_token_response(
             request, self.default_token_type)
+
+    def validate_token_request(self, request):
+        self._raise_on_bad_method(request)
+        self._raise_on_bad_post_request(request)