OAuth 2.0 in general relies heavily on the crypt nature of TLS. Since tokens are sometimes exchanged via a request, a secure connection is required.
TLS 1.0 and TLS 1.1 use the SHA-1 algorithm and weaker cipher suites for authenticating identities. However, it has become dangerously weak due to several vulnerabilities identified in its suite. These vulnerabilities could potentially allow attackers to sniff your connection.Plivo
We understand that running WP OAuth Server for WordPress can be simple, but the simplicity has allowed users to knowingly use unsecure practices. We are not OK with this and have to make a change in how we allow WP OAuth Server to operate on public systems.
In future releases we are going to add confirmations and nag messages to system that are publicly accessible but are using unsafe security practices. The system will remain operational, but we will begin reminding users, developers, and customers of the need for best practices with OAuth 2.0 and WordPress.
If you are on a system that is running, TLS 1.0 or 1.1, please contact your host or system admin. TLS 1.2 should be used to ensure all systems are secure and safe.
If you have any questions, please contact [email protected] We would glad to help guide you in the right direction.