WP OAuth Server has multiple endpoints built into the plugin. These endpoints are developed using the most common techniques and best practices in OAuth 2.0 and WordPress.
OAuth Endpoints Descriptions
Endpoints should be prepended by ‘/oauth’. For example, the ‘authorize’ endpoint would look like ‘/oauth/authorize’.
|/oauth/authorize||This endpoint is mostly used by the client to request an Authorization code that can then be exchanged for an access token.|
|/oauth/token||The token endpoint is used to most often to exchange an auth code for an access token. This endpoint is also used when using the user credential and client credentials grant types.|
|/oauth/me||This endpoint is used solely to return data about a user assigned to any given access token.|
|/oauth/introspection||Used to determine the active state of an OAuth 2.0 token and to determine meta-information about this token|
|/oauth/revoke||Used to revoke an access token or refresh token|
|/oauth/destroy||Similar to ‘revoke’, but used in a web browser and destroys the active WP User Session along with the access token.|
Supported Well Known Endpoints
OpenID Connect and OAuth 2.0 work hand in hand. WP OAuth Server supports OpenID Connect as well as JWT and these endpoints are needed for many clients. They provide regular server information catered to OpenID Connect and JWT.
|/.well-known/keys||This endpoint is used to gain the key information used to sign responses.|
|/.well-known/openid-configuration/||Returns OpenID Connect configuration information about the server. This endpoint is used for automatically configuring clients often but provides great information needed.|