WP OAuth Server

Stay tuned with our latest blog posts

Version 3.1.93 Released

Today we released WP OAuth Server 3.1.93. This version of WP OAuth Server is mainly a minor release. The OAuth2 Library used was updated and then ported into the WP OAuth2 project. This release utilizes better handling of id_tokens as well as allows for non-expiring refresh tokens. Next scheduled release is version 3.2.0. If there is any […]

Wednesday January 13, 2016

Error on Upgrade

I woke up this morning with a mailbox full of notifications. These notifications were letting me know that there was a problem with the latest push (3.1.92) of WP OAuth Server. After looking into the matter (more like running around frantically), I found that there was a mistake on our part. We forgot to add […]

Monday November 30, 2015

Version 3.1.92 Released

Today we released WP OAuth Server 3.1.92. This update is super exciting because it introduces new actions so that extensions can be built easier than ever before. Along with the version 3.1.92 release, we have released the very first extension “Brute Protect“. Check out Brute Protect’s download page for more information. In the 3.1.92 release, we have decided […]

Saturday November 28, 2015

Restructuring WP OAuth Server

About a month ago, we sent out an email about how there was some structural changes that was going to be happening with WP OAuth Server. Roadmap Starting with version 3.1.91, WP OAuth Server will be split/stripped down so that the plugin can be better maintained. The overall goal of our original development plan was to keep […]

Friday November 6, 2015

Version 3.1.9 Released

Today we released version 3.1.9 of WP OAuth Server (aka oauth2-provider). The updates are minor but there is some new items that are note worthy. Prior to this version there was an oversight in the default lifetime of refresh tokens. The issue was that refresh tokens that were issued using default settings were invalid an hour […]

Saturday October 24, 2015

Version 3.1.8 Released

Last night we wrapped up our tests and push 3.1.8 out the door. WP OAuth Server is now available in the WordPress repo. You can update manually or by using the update feature in WordPress. New features and bug fixes: Bug – fixed refresh token not being issued with refresh token Feature Push – Access tokens and […]

Friday October 2, 2015

3.1.5 Security Release

Recently we was approached by a public sector team that provided detail of a vulnerability in version prior to 3.1.5. The vulnerability was a label as major but in reality it was a tad smaller. The issue was that 2 functions that generated auth codes and access token was not secure, other wise meaning that in […]

Thursday August 13, 2015

Security Update Released

It has been brought to our attention that access_tokens have been registering for 10+ years and not being set to the correct value. Although this is not a major security issue we are pushing a new update to the repo. Please update to the latest version (3.1.2) as soon as possible. What is the issue? Access […]

Tuesday June 9, 2015

Minor Release – 3.0.9

Today version 3.0.9 of WP OAuth Server was released and addresses some extremely important issues. WP OAuth Server has supported OpenID for a few versions but in version 3.0.9 we added OpenID Discovery. Discovery allows for clients to dynamically find endpoints by visiting /.well-known endpoints. WP OAuth Server also provides the ability to sign tokens […]

Wednesday June 3, 2015

Best Practices and Recommendations has been released

Today, we released a much requested “Best Practices and Recommendations” article in the Knowledge Base. The article covers what we feel is most important when using WP OAuth Server. You can find the article by visiting https://wp-oauth.com/knowledge-base/best-practices-and-recommendations/.

Wednesday May 6, 2015