Screenshot WOW SAVE 20% on the All Access Bundle. Use "OAUTH20OFF" at checkout.
3rd Party Integration

OAuth 2.0 Endpoints

Published: October 2, 2018 | Updated: December 2nd, 2020
  1. Home
  2. Docs
  3. General
  4. OAuth 2.0 Endpoints

WP OAuth Server has multiple endpoints built into the plugin. These endpoints are developed using the most common techniques and best practices in OAuth 2.0 and WordPress.

OAuth Endpoints Descriptions

Endpoints should be prepended by ‘/oauth’. For example, the ‘authorize’ endpoint would look like ‘/oauth/authorize’.

/oauth/authorizeThis endpoint is mostly used by the client to request an Authorization code that can then be exchanged for an access token.
/oauth/tokenThe token endpoint is used to most often to exchange an auth code for an access token. This endpoint is also used when using the user credential and client credentials grant types.
/oauth/meThis endpoint is used solely to return data about a user assigned to any given access token.
/oauth/introspectionUsed to determine the active state of an OAuth 2.0 token and to determine meta-information about this token
/oauth/revokeUsed to revoke an access token or refresh token
/oauth/destroySimilar to ‘revoke’, but used in a web browser and destroys the active WP User Session along with the access token.
WordPress OAuth Server Endpoints

Supported Well Known Endpoints

OpenID Connect and OAuth 2.0 work hand in hand. WP OAuth Server supports OpenID Connect as well as JWT and these endpoints are needed for many clients. They provide regular server information catered to OpenID Connect and JWT.

/.well-known/keysThis endpoint is used to gain the key information used to sign responses.
/.well-known/openid-configuration/Returns OpenID Connect configuration information about the server. This endpoint is used for automatically configuring clients often but provides great information needed.
OpenID Connect Well Known Endpoints