Screenshot WOW SAVE 20% on the All Access Bundle. Use "OAUTH20OFF" at checkout.
GET DEAL
3rd Party Integration

Setup & Configuration

Published: September 26, 2019 | Updated: December 8th, 2020
  1. Home
  2. Docs
  3. General
  4. Setup & Configuration

Overview

Configuring OAuth 2.0 for WordPress is simple and starts with ensuring WP OAuth Server is installed and activated in the WordPress plugins options page.

Checklist

  1. Install WP OAuth Server
  2. Activate WP OAuth Server
  3. Set Global Settings
  4. Create a Client

Installing & Activating

There are two ways you can install OAuth 2.0 through a plugin.

  1. Download https://wordpress.org/plugins/oauth2-provider/
  2. Search for “WP OAuth Server” in the plugin options screen.

You can find out how to install WordPress plugins by visiting https://wordpress.org/support/article/managing-plugins/.

License Activation

The pro version requires the plugin to be activated to take advantage of automatic plugin updates.

To Activate with a license key:

  1. Go to your WordPress Admin
  2. Click WP OAuth Server -→ Status
  3. Click the “License(s)” Tab
  4. Enter your license key
  5. Click Activate

Configuring Global Settings

Once the plugin is installed, go to OAuth Server → Settings to access the global settings. There are two tabs for settings.

  1. General
  2. Advanced

The global settings are set to a default state, which works for most installs out of the box. Go to the General Settings tab and ensure that “OAuth Server Enabled” is checked.

Create a Client

Before any calls can be made, a client needs to be created. By creating a client, an authorized set of credentials is being created so that other sources can begin authorization flow. Go to OAuth Server → Clients → Add New Client. On the client screen, you will be presented with fields.

  • Grant Types
  • Client Name
  • Redirect URI
  • Advanced Option

Give the client a name that describes the client. For example, if there is a mobile app connecting to WordPress’s OAuth 2.0 API, name the client the mobile apps name. The next step is to determine which grant type the client will be allowed to utilize. In most cases, the “Authorization Code” is good. If you need further assistance with which grant type to use, please visit the Grant Types documentation.

The Redirect URI can be a bit tricky, but you can leave this blank for a basic configuration. The Redirect URI is an authorized URL that the client will be redirected to (if using authorization code grant type). OAuth 2.0 has a flow, and the Redirect URI setting for a client allows systems to be whitelisted for security.

Icon