Today we released a new version of WP OAuth Server for all our customers. The released contains mostly bug fixes but did contain a new filter.
- We fixed a bug in how the clients are stored in the database. This could lead to Client ID’s being exposed but nothing else. In certain scenarios, this could be considered a security issue.
- We added a new filter that will allow for tokens expires time to be overwritten. The filter is “wo_get_access_token_expires_return”.
- We modified how the destroy endpoint chooses to destroy valid sessions. A WP login session will not be destroyed if the client is logged in using cookies.
The updates are available for update by visiting your account or automatically downloading them in the WordPress dashboard. If you have any issues upgrading or with the plugin, please contact support.