Stay up to Date with Our News and Releases

With the introduction of the REST API for WordPress, the possibilities are endless. I see this a bit skeptical since there is some choke points in the REST API. Everything always has its flaws and given that the REST API in core is fairly new, I hold my personal opinions close and contribute when and where […]

Recently I was contacted by an Author of WP OAuth Server informing me that there was a demand for integration between WP OAuth (https://wordpress.org/plugins/wp-oauth/) and WP OAuth Server (https://wordpress.org/plugins/oauth2-provider/). With no time wasted, I hopped on the matter and submitted a Pull Request at https://github.com/perrybutler/WP-OAuth. The PR provided configuration that allows for a user to connect […]

Update Jan 11, 2018 WPEngine Customers: You must set the Allow Origin settings in your .htaccess file. See https://wpengine.com/support/platform-settings/ for more information. It has come to my attention that there is a growing usage of frameworks that are running into issues with with CORS (Cross-origin HTTP Requests). The issue begins with OAuth2 not really supporting CORS […]

Today we released WP OAuth Server 3.1.93. This version of WP OAuth Server is mainly a minor release. The OAuth2 Library used was updated and then ported into the WP OAuth2 project. This release utilizes better handling of id_tokens as well as allows for non-expiring refresh tokens. Next scheduled release is version 3.2.0. If there is any […]

I woke up this morning with a mailbox full of notifications. These notifications were letting me know that there was a problem with the latest push (3.1.92) of WP OAuth Server. After looking into the matter (more like running around frantically), I found that there was a mistake on our part. We forgot to add […]

Today we released WP OAuth Server 3.1.92. This update is super exciting because it introduces new actions so that extensions can be built easier than ever before. Along with the version 3.1.92 release, we have released the very first extension “Brute Protect“. Check out Brute Protect’s download page for more information. In the 3.1.92 release, we have decided […]

About a month ago, we sent out an email about how there was some structural changes that was going to be happening with WP OAuth Server. Roadmap Starting with version 3.1.91, WP OAuth Server will be split/stripped down so that the plugin can be better maintained. The overall goal of our original development plan was to keep […]

Today we released version 3.1.9 of WP OAuth Server (aka oauth2-provider). The updates are minor but there is some new items that are note worthy. Prior to this version there was an oversight in the default lifetime of refresh tokens. The issue was that refresh tokens that were issued using default settings were invalid an hour […]

Last night we wrapped up our tests and push 3.1.8 out the door. WP OAuth Server is now available in the WordPress repo. You can update manually or by using the update feature in WordPress. New features and bug fixes: Bug – fixed refresh token not being issued with refresh token Feature Push – Access tokens and […]

Recently we was approached by a public sector team that provided detail of a vulnerability in version prior to 3.1.5. The vulnerability was a label as major but in reality it was a tad smaller. The issue was that 2 functions that generated auth codes and access token was not secure, other wise meaning that in […]