Configuring OAuth2 for WordPress is simple and starts with ensuring WP OAuth Server is installed and activated on the WordPress Plugins page. The steps are:
- Install WP OAuth Server
- Activate WP OAuth Server
- Set Global Settings
- Create a Client
Installing & Activating
There are two ways to install the WP OAuth Server plugin.
- Download it from https://wordpress.org/plugins/oauth2-provider/
- Search for “WP OAuth Server” on the WordPress plugins screen.
You can find out how to install WordPress plugins by visiting https://wordpress.org/support/article/managing-plugins/.
Configuring Global Settings
Once the plugin is installed, go to OAuth Server -> Settings to access the global settings. The settings are split across two tabs.
The global settings are set to a default state which works for most installs out of the box. Go to the General Settings tab and ensure that “OAuth Server Enabled” is checked.
Create a Client
Before any calls can be made, a client needs to be created. Creating a client issues a set of authorized credentials that an external application uses to begin the authorization flow. Go to OAuth Server -> Clients -> Add New Client. The client screen presents the following fields:
- Grant Types
- Client Name
- Redirect URI
- Advanced Option
Give the client a name that describes it. For example, if a mobile app will be connecting to WordPress’s OAuth2 API, name the client after the mobile app. The next step is to decide which grant type the client will be allowed to use. In most cases, “Authorization Code” is the right choice. If you need further help choosing a grant type, see the Grant Types documentation.
The Redirect URI can be a bit tricky, but for a basic configuration you can leave it blank. The Redirect URI is the authorized URL that the user’s browser is sent back to after authorization (only used with the authorization code grant type). Because the authorization code is delivered to that URL, the Redirect URI setting acts as an allowlist: only the registered destination can receive the code.
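The following Python snippet is an added example, not code from the WP OAuth Server plugin or its documentation. It shows the two sides of the client configuration described above: how an authorization-code client builds its request to the WordPress site and later checks the callback, and how the server side treats the registered Redirect URI as an allowlist by requiring an exact match. The endpoint path /oauth/authorize is assumed (check the rewrite endpoints of your own install), and the site origin, client id and redirect URI are constructed sample values.

```python
"""Added example: authorization-code client setup and redirect-URI allowlisting.

Not part of the WP OAuth Server plugin. The /oauth/authorize path is an
assumption about the plugin's endpoints; all other values are constructed.
"""
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample registration, mirroring the "Add New Client" form fields.
REGISTERED_CLIENT = {
    "client_id": "abc123clientid",                                  # constructed
    "grant_types": {"authorization_code"},                          # Grant Types
    "redirect_uris": {"https://app.example.com/oauth/callback"},    # Redirect URI
}

WORDPRESS_ORIGIN = "https://wordpress.example.com"  # constructed sample site


def build_authorize_url(client, redirect_uri, state):
    """Client side: build the first request of the authorization code flow.

    The redirect_uri sent here must be one of the URIs registered for the client,
    and state is an opaque value the client verifies when the browser comes back.
    """
    params = {
        "response_type": "code",
        "client_id": client["client_id"],
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"{WORDPRESS_ORIGIN}/oauth/authorize?{urlencode(params)}"  # path assumed


def redirect_uri_allowed(client, requested):
    """Server side: exact, case-sensitive match against the registered list.

    Prefix or host-suffix matching would let a lookalike host or a different
    path receive the authorization code, so only an identical string passes.
    """
    return requested in client["redirect_uris"]


def grant_type_allowed(client, grant_type):
    """Server side: the client may only use the grant types ticked on its record."""
    return grant_type in client["grant_types"]


def new_state():
    """Random per-request state binding the callback to the request that started it."""
    return secrets.token_urlsafe(16)


def parse_callback(callback_url, expected_state):
    """Client side: return the code from the callback only if state matches.

    A mismatched or missing state means the callback was not started by this
    client session, so the code is discarded.
    """
    query = parse_qs(urlsplit(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        return None
    return query.get("code", [None])[0]


if __name__ == "__main__":
    state = new_state()
    print(build_authorize_url(REGISTERED_CLIENT,
                              "https://app.example.com/oauth/callback", state))
```

The allowlist check is deliberately an exact string comparison: a registered `https://app.example.com/oauth/callback` does not authorize `http://` on the same host, a different path, or a host that merely starts with the registered name.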