Our Blog - News, Updates, How-To and Security Releases

WP OAuth Server

Stay tuned with our latest blog posts

CORS – Preflight Requests Issues

Update Jan 11, 2018 WPEngine Customers: You must set the Allow Origin settings in your .htaccess file. See https://wpengine.com/support/platform-settings/ for more information. It has come to my attention that there is a growing usage of frameworks that are running into issues with with CORS (Cross-origin HTTP Requests). The issue begins with OAuth2 not really supporting CORS […]

Read Post

Friday January 22, 2016

Version 3.1.93 Released

Today we released WP OAuth Server 3.1.93. This version of WP OAuth Server is mainly a minor release. The OAuth2 Library used was updated and then ported into the WP OAuth2 project. This release utilizes better handling of id_tokens as well as allows for non-expiring refresh tokens. Next scheduled release is version 3.2.0. If there is any […]

Read Post

Wednesday January 13, 2016

Error on Upgrade

I woke up this morning with a mailbox full of notifications. These notifications were letting me know that there was a problem with the latest push (3.1.92) of WP OAuth Server. After looking into the matter (more like running around frantically), I found that there was a mistake on our part. We forgot to add […]

Read Post

Monday November 30, 2015

Version 3.1.92 Released

Today we released WP OAuth Server 3.1.92. This update is super exciting because it introduces new actions so that extensions can be built easier than ever before. Along with the version 3.1.92 release, we have released the very first extension “Brute Protect“. Check out Brute Protect’s download page for more information. In the 3.1.92 release, we have decided […]

Read Post

Saturday November 28, 2015

Restructuring WP OAuth Server

About a month ago, we sent out an email about how there was some structural changes that was going to be happening with WP OAuth Server. Roadmap Starting with version 3.1.91, WP OAuth Server will be split/stripped down so that the plugin can be better maintained. The overall goal of our original development plan was to keep […]

Read Post

Friday November 6, 2015

Version 3.1.9 Released

Today we released version 3.1.9 of WP OAuth Server (aka oauth2-provider). The updates are minor but there is some new items that are note worthy. Prior to this version there was an oversight in the default lifetime of refresh tokens. The issue was that refresh tokens that were issued using default settings were invalid an hour […]

Read Post

Saturday October 24, 2015

Version 3.1.8 Released

Last night we wrapped up our tests and push 3.1.8 out the door. WP OAuth Server is now available in the WordPress repo. You can update manually or by using the update feature in WordPress. New features and bug fixes: Bug – fixed refresh token not being issued with refresh token Feature Push – Access tokens and […]

Read Post

Friday October 2, 2015

3.1.5 Security Release

Recently we was approached by a public sector team that provided detail of a vulnerability in version prior to 3.1.5. The vulnerability was a label as major but in reality it was a tad smaller. The issue was that 2 functions that generated auth codes and access token was not secure, other wise meaning that in […]

Read Post

Thursday August 13, 2015

Security Update Released

It has been brought to our attention that access_tokens have been registering for 10+ years and not being set to the correct value. Although this is not a major security issue we are pushing a new update to the repo. Please update to the latest version (3.1.2) as soon as possible. What is the issue? Access […]

Read Post

Tuesday June 9, 2015

Minor Release – 3.0.9

Today version 3.0.9 of WP OAuth Server was released and addresses some extremely important issues. WP OAuth Server has supported OpenID for a few versions but in version 3.0.9 we added OpenID Discovery. Discovery allows for clients to dynamically find endpoints by visiting /.well-known endpoints. WP OAuth Server also provides the ability to sign tokens […]

Read Post

Wednesday June 3, 2015