We have seen a lot of questions come in about using WordPress OAuth Server for Single Sign On. From these questions we are starting to see that there is a misconception about OAuth being Single Sign On (aka SSO).

What is OAuth?

OAuth1.0a and OAuth 2 are a user authentication protocol that allows a user to authorize access for an outside system to act on their behalf. The protocol uses what is known as access tokens. Once and access token is obtained, an outside system can then do things on behalf of the user.

What is Single Sign On?

SSO is a term used by many that describes a user being able to use the same user credentials on many different systems. For example, you may want your users to be able to seamlessly log into your intranet, your CRM system and ticketing system using only a single login.

So why is OAuth not Single Sign On?

SSO is not the same thing as OAuth. Period… SSO simply uses OAuth (one of many ways) as a means to allow the same user credentials on multiple systems. The processes that the OAuth protocol takes can be used to obtain an access token. Once an access token is obtained, a system make a request to the OAuth provider for the users information. Using this information, a system can ten check to see if the user has an account in its own database. If the user does not have an account, the system can then create an account using the user’s email or other unique identifier.

All of this process takes place behind the scenes making the connection and login process SSO.

What about WordPress Single Sign On?

Using a plugin like WP OAuth Server, you can enable your WordPress site to act like an OAuth Provider. Being an OAuth provider will give you the abilities to provide SSO to any outside system that wants to use your WordPress user database as it own.

In short, OAuth is not Single Sign On but rather a means to provide SSO.

Share This Post

Other Posts


We have put together some other posts that you may like.

3.4.1 Release Notes

Today, version 3.4.1 was released. Below is a list of enhancements and fixes that...

Read more

Day of Action for Net Neutrality

On July 12, 2017, websites, Internet users, and online communities will come together to...

Read more

JWT Authentication Coming Soon For WordPress

We have received a few inquiries about JWT Bearer Tokens being supported to authenticate...

Read more

Do you need a developer for your project? We are available for hire.