- Resource Owner – The user
- Resource Server – WordPress
- Client – Application
- Authorization Server – WordPress
- Authorization Code – A temporary code is given to exchange for an access token.
- Access Token – A token representing the authorization for a user.
You may notice that some of the terms above represent the same thing. When it comes to OAuth 2.0 for WordPress, some systems are the same thing. For example, the Resource Server and Authorization server are the same entity. Both house the functionality to authorize and give data.
Grant types are the means or flow in which a client is able to get authorization. There are a handful of grant types that WP OAuth Server supports.
There are multiple grant types because of the different types of client frameworks that can be used.
Endpoints are a specific URL that is visited to trigger a specific OAuth function. WP OAuth Server adds two main endpoints to WordPress.
WP OAuth Server supports an extra set of endpoints related to the type of extension.
- ./well-known/keys – Returns public keys
- ./well-known/openid-configuration – Returns OpenID Connect Configuration.
In Addition to the above endpoints, WP OAuth Server has a built-in resource server. The resource server can be used to design a custom REST API outside of WP REST API.
WP OAuth Server is developed utilizing WordPress’s filters and actions API. When customizing the plugin is desired, there is two ways to carry out this.
- Adding code to your theme’s function file
- Using a plugin.
Current Version: 3.7.3
Any documentation and or published articles may not reflect the latest WP OAuth Server plugin version. It is always best to stay updated for security.
General ArticlesBelow is a list of "General" documentation articles.
- Enabling Single Sign On for WordPress
- Plugin Requirements
- Main Concepts
- Grant Types
- OAuth 2.0 Endpoints
- WP REST API Authentication
OAuth Server 3.7.3
WP OAuth Server Pro allows for Unlimited clients and multiple grant types.BUY NOW