Learn OAuth 2.0 Main Concepts | WP OAuth Server Codex

Main Concepts

Documentation under "General" for WP OAuth Server


  • Resource Owner – The user
  • Resource Server – WordPress
  • Client – Application
  • Authorization Server – WordPress
  • Authorization Code – A temporary code that the client exchanges for an access token.
  • Access Token – A token representing the authorization for a user.

You may notice that some of the terms above refer to the same thing. In OAuth 2.0 for WordPress, some of these roles are filled by the same system. For example, the Resource Server and the Authorization Server are the same entity: WordPress both authorizes requests and serves the data.

Grant Types

A grant type is the flow by which a client obtains authorization. WP OAuth Server supports a handful of grant types.

There are multiple grant types because clients can be built on different types of frameworks.
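The following is an added example, not code from WP OAuth Server or its documentation. It shows the client side of the authorization code flow using the terms defined above. The endpoint URL, client ID and redirect URI are assumed placeholders, since this page does not list them.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholders: this page does not give endpoint URLs or client values.
AUTHORIZE_URL = "https://wp.example/AUTHORIZE-ENDPOINT"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/callback"


def build_authorization_request():
    """Step 1: the Client sends the Resource Owner to the Authorization Server."""
    state = secrets.token_urlsafe(32)  # unguessable; keep it in the user's session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, expected_state):
    """Step 2: validate the redirect and extract the Authorization Code."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means this session never made the request.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def build_token_request(code):
    """Step 3: form body the Client POSTs from its backend to get an Access Token."""
    # The client secret is sent with this request and never placed in a URL.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
    }
```

The `state` check in step 2 is what ties the returned authorization code to the browser session that started the flow, so a code delivered to the callback by a third party is rejected before any token exchange happens.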


An endpoint is a specific URL that is requested to trigger a specific OAuth function. WP OAuth Server adds two main endpoints to WordPress.

WP OAuth Server supports an extra set of endpoints related to the type of extension.

In addition to the above endpoints, WP OAuth Server has a built-in resource server. The resource server can be used to design a custom REST API outside of the WP REST API.


WP OAuth Server is developed using WordPress's filters and actions API. When you want to customize the plugin, there are two ways to do so.

  1. Adding code to your theme’s function file
  2. Using a plugin.


OAuth Server 3.8.2

WP OAuth Server Pro allows for unlimited clients and multiple grant types.