We have been working for some time on adjusting the model of WP OAuth Server and we feel it will make our OAuth 2.0 plugin for WordPress more flexible and easier to use. Some of the changes include removing some global options that have become obsolete since they are now controlled at a client level. These options include the global grant types allowed to be used. These options are currently covered by individual client settings and are no longer needed.
We have also prided ourselves on the fact that we have stayed on track with the OAuth drafts from the IETF (https://tools.ietf.org/html/rfc6749). Although we want to maintain this as close as possible, we realize there are many different flavors in OAuth 2.0. So…. As long as an option is deemed useful as part of the core, we will be exploring custom alternatives to meet the demand of clients.
- Removed old obsolete global options from the settings page. Options per client will be used instead.
- Revocation information has been added to the well-known endpoint.
- Support scopes have been added to the discovery API.
- Added an alias of “oauth-authorization-server” for open-id in the discovery API.
- Fixed a rare error when creating a client that caused failure to redirect properly.
- Extended the core API to allow for more add-ons.
We have scheduled release at the end of the week but if all testing goes well, we will attempt to push earlier.
We want to thank all our users and clients for the opportunity to offer a product and a service. You guys ROCK!!!
Current Version: 3.7.3
Any documentation and or published articles may not reflect the latest WP OAuth Server plugin version. It is always best to stay updated for security.