Configuring OAuth 2.0 for WordPress is simple and starts with ensuring WP OAuth Server is installed and activated in the WordPress plugins options page.
- Install WP OAuth Server
- Activate WP OAuth Server
- Set Global Settings
- Create a Client
Installing & Activating
There are two ways you can install OAuth 2.0 through a plugin.
- Download https://wordpress.org/plugins/oauth2-provider/
- Search for “WP OAuth Server” in the plugin options screen.
You can find out how to install WordPress plugins by visiting https://wordpress.org/support/article/managing-plugins/.
The pro version requires the plugin to be activated to take advantage of automatic plugin updates.
To Activate with a license key:
- Go to your WordPress Admin
- Click WP OAuth Server -→ Status
- Click the “License(s)” Tab
- Enter your license key
- Click Activate
Configuring Global Settings
Once the plugin is installed, go to OAuth Server → Settings to access the global settings. There are two tabs for settings.
The global settings are set to a default state, which works for most installs out of the box. Go to the General Settings tab and ensure that “OAuth Server Enabled” is checked.
Create a Client
Before any calls can be made, a client needs to be created. By creating a client, an authorized set of credentials is being created so that other sources can begin authorization flow. Go to OAuth Server → Clients → Add New Client. On the client screen, you will be presented with fields.
- Grant Types
- Client Name
- Redirect URI
- Advanced Option
Give the client a name that describes the client. For example, if there is a mobile app connecting to WordPress’s OAuth 2.0 API, name the client the mobile apps name. The next step is to determine which grant type the client will be allowed to utilize. In most cases, the “Authorization Code” is good. If you need further assistance with which grant type to use, please visit the Grant Types documentation.
The Redirect URI can be a bit tricky, but you can leave this blank for a basic configuration. The Redirect URI is an authorized URL that the client will be redirected to (if using authorization code grant type). OAuth 2.0 has a flow, and the Redirect URI setting for a client allows systems to be whitelisted for security.