diff --git a/apps/federation/lib/Controller/OCSAuthAPIController.php b/apps/federation/lib/Controller/OCSAuthAPIController.php
index 68e0f8b271..6cd3b1890e 100644
--- a/apps/federation/lib/Controller/OCSAuthAPIController.php
+++ b/apps/federation/lib/Controller/OCSAuthAPIController.php
@@ -96,14 +96,12 @@ class OCSAuthAPIController extends OCSController{
 	 *
 	 * request received to ask remote server for a shared secret
 	 *
+	 * @param string $url
+	 * @param string $token
 	 * @return Http\DataResponse
 	 * @throws OCSForbiddenException
 	 */
-	public function requestSharedSecret() {
-
-		$url = $this->request->getParam('url');
-		$token = $this->request->getParam('token');
-
+	public function requestSharedSecret($url, $token) {
 		if ($this->trustedServers->isTrustedServer($url) === false) {
 			$this->logger->error('remote server not trusted (' . $url . ') while requesting shared secret', ['app' => 'federation']);
 			throw new OCSForbiddenException();
@@ -146,14 +144,12 @@ class OCSAuthAPIController extends OCSController{
 	 *
 	 * create shared secret and return it
 	 *
+	 * @param string $url
+	 * @param string $token
 	 * @return Http\DataResponse
 	 * @throws OCSForbiddenException
 	 */
-	public function getSharedSecret() {
-
-		$url = $this->request->getParam('url');
-		$token = $this->request->getParam('token');
-
+	public function getSharedSecret($url, $token) {
 		if ($this->trustedServers->isTrustedServer($url) === false) {
 			$this->logger->error('remote server not trusted (' . $url . ') while getting shared secret', ['app' => 'federation']);
 			throw new OCSForbiddenException();
diff --git a/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php b/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php
index ba10ce57c3..2b231b4fca 100644
--- a/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php
+++ b/apps/federation/tests/Controller/OCSAuthAPIControllerTest.php
@@ -97,8 +97,6 @@ class OCSAuthAPIControllerTest extends TestCase {
 
 		$url = 'url';
 
-		$this->request->expects($this->at(0))->method('getParam')->with('url')->willReturn($url);
-		$this->request->expects($this->at(1))->method('getParam')->with('token')->willReturn($token);
 		$this->trustedServers
 			->expects($this->once())
 			->method('isTrustedServer')->with($url)->willReturn($isTrustedServer);
@@ -116,7 +114,7 @@ class OCSAuthAPIControllerTest extends TestCase {
 		}
 
 		try {
-			$result = $this->ocsAuthApi->requestSharedSecret();
+			$this->ocsAuthApi->requestSharedSecret($url, $token);
 			$this->assertTrue($ok);
 		} catch (OCSForbiddenException $e) {
 			$this->assertFalse($ok);
@@ -143,9 +141,6 @@ class OCSAuthAPIControllerTest extends TestCase {
 		$url = 'url';
 		$token = 'token';
 
-		$this->request->expects($this->at(0))->method('getParam')->with('url')->willReturn($url);
-		$this->request->expects($this->at(1))->method('getParam')->with('token')->willReturn($token);
-
 		/** @var OCSAuthAPIController | \PHPUnit_Framework_MockObject_MockObject $ocsAuthApi */
 		$ocsAuthApi = $this->getMockBuilder('OCA\Federation\Controller\OCSAuthAPIController')
 			->setConstructorArgs(
@@ -181,7 +176,7 @@ class OCSAuthAPIControllerTest extends TestCase {
 		}
 
 		try {
-			$result = $ocsAuthApi->getSharedSecret();
+			$result = $ocsAuthApi->getSharedSecret($url, $token);
 			$this->assertTrue($ok);
 			$data =  $result->getData();
 			$this->assertSame('secret', $data['sharedSecret']);