Screenshot WOW SAVE 20% on the All Access Bundle. Use "OAUTH20OFF" at checkout.
News & Updates

WordPress OAuth Server 4.1.6 Update

If you have any questions please contact our
Support Team.
WordPress OAuth Server 4.1.6 Update

WordPress OAuth Server 4.1.6 Update

As of December 26, 2020, version 4.1.6 of WP OAuth Server will be made available for download for both the CE (Community Edition) and the Pro version.

The updates contained two features that have been highly requested.

  • User Info Mapping (Pro Only)
  • Role-based restriction and for authorization

User Info Mapping

The user info mapping feature is helpful when the fields being presented by the “me” endpoint do not match the need of a client. User mapping abilities are limited to the basic fields of id, email, username, display name, user status, registered date, and nickname.

The mapping feature has a GUI built into the WP OAuth Server’s admin settings. The GUI is only available in 4.1.6 Pro and up. The CE version does have the capabilities of user mapping using the filter ‘wp_oauth_server_user_info_mapping‘.

User Mapping GUI for WP OAuth Server 4.1.6 Pro +

Filter Example

The following example maps the field name “ID” to “USER_ID_TEST” The field names are specific to WordPress’s user meta info but only pertain to the field names listed above.

add_filter( 'wp_oauth_server_user_info_mapping', 'wp_oauth_server_user_info_mapping_filter_test' );
function wp_oauth_server_user_info_mapping_filter_test( $info ) {
	$info = array(
		'ID' => 'USER_ID_TEST'

	return $info;

Role-Based Authorization Restrictions

Restricting the usage of authorization based on role has been requested for some time. Staring in 4.1.6, the groundwork for a high level restriction based on roles as been added. Currently, restrictions can only be implemented by a filter.

The example filter below stricts usage of the client “mvJsGPYZNHgRVSeoNQfrT4FN6wpunvVJ0FbHu9Hi” to only users with the role of “administrator”.

The restrictions will apply across all grant types.

 * Example of only allow the role of administrator to for a given client.
add_action( 'wp_oauth_server_user_check', 'wp_oauth_server_user_check_callback', 2, 99 );
function wp_oauth_server_user_check_callback( $clientId, $userId ) {
	if ( $clientId == 'mvJsGPYZNHgRVSeoNQfrT4FN6wpunvVJ0FbHu9Hi' ) {
		$user_meta  = get_userdata( $userId );
		$user_roles = $user_meta->roles;
		if ( ! in_array( 'administrator', $user_roles ) ) {
			wp_send_json( array(
				'error' => 'invalid_request',
				'error_description' => 'User role does not have authorization to make this request',
			), 401 );

Please update to take advantage of the latest additions to WordPress OAuth Server.

Stay right up to date

Get great content to your inbox every week. No spam.
Only great content, we don’t share your email with third parties.