Connect your App to WordPress Users | WordPress OAuth Codex

Connect your App to WordPress Users

Documentation under "How To" for WP OAuth Server


Connecting your app to WordPress can be useful to enhance application features by using data from the WordPress database. WP OAuth Server was designed to allow a connection to WordPress easily without having to develop an overly complicated API.

What you will need

  • WP OAuth Server installed on a publicly accessible WordPress website.
  • Your App

In this article, we assume your app is a native mobile application or desktop app not using any HTML / Hybrid technology. Your app will require internet access as well.

Create and configure the client

Create a client in WP OAuth Server. When you are creating the client, ensure that the grant type “User Credentials” is selected. After saving the client, be sure to copy the Client ID and Client Secret that were generated when the client was saved.

Set up your app to connect as a WordPress User

Because apps are written in many different programming languages, we only cover how your app should send a request to the WordPress website. Refer to your programming language's documentation for the specifics of making HTTP requests.

Your app will need to collect the username and password from the user. Collecting the username and password is typically done by using a login form. How you obtain the username and password is up to you.

The request to the server is relatively simple. Form a POST request to your WordPress website.

POST https://yourserver.com?oauth=token
Authorization: Basic base64(client_id:client_secret)

Body Parameters

grant_type=password
username=user_input
password=user_input

Note: A Referer header is required in the POST request, or the request will fail.

The Return

If the user login is valid, your application will be presented with an access token for the specified user. This access token can be used with the WP REST API or OAuth 2.0 Resource Server to get information about the user.

If the user login information is not correct, the server will respond with an invalid username message in JSON.

Request the user information using the access token

After you get the access token, you will need to know who the user is. To request the user information from the OAuth 2.0 server, you will need your app to make a GET request.

GET https://yourserver.com?oauth=me&access_token=the-access-token

If the access token is valid, the response will be the user information in JSON format. The response from the server contains general information about the user, but the API can be extended to provide additional information. Extending the API is helpful if you need to have information from bbPress, WooCommerce or custom fields returned.

See Extending Endpoints for an example of extending the resource endpoints.
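
The two requests described above, built in Python as an added example (not code from WP OAuth Server or its documentation). The function names, the sample credentials, the Referer value and the error field names (`error`, `error_description`, taken from RFC 6749) are assumptions; the helper refuses non-HTTPS URLs because the password and the token travel in these requests.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit
from urllib.request import Request


def _endpoint(base_url, query):
    # The password and the token both travel in these requests: refuse plain HTTP.
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    return base_url.rstrip("/") + "/?" + urlencode(query)


def build_token_request(base_url, client_id, client_secret, username, password, referer):
    """POST ?oauth=token with HTTP Basic client auth and the password grant body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # urlencode escapes characters such as '&' or '@' that users put in passwords.
    body = urlencode({"grant_type": "password", "username": username, "password": password})
    headers = {
        "Authorization": "Basic " + basic,
        "Referer": referer,  # the page says the request fails without one
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return Request(_endpoint(base_url, {"oauth": "token"}), data=body.encode(),
                   headers=headers, method="POST")


def parse_token_response(raw_json):
    """Return the access token, or raise if the server rejected the login."""
    data = json.loads(raw_json)
    if not data.get("access_token"):
        # Assumed error fields (RFC 6749 names); the page only says "a message in JSON".
        raise PermissionError(data.get("error_description") or data.get("error") or "login failed")
    return data["access_token"]


def build_me_request(base_url, access_token):
    """GET ?oauth=me with the token as a query parameter, as shown on the page."""
    return Request(_endpoint(base_url, {"oauth": "me", "access_token": access_token}))


if __name__ == "__main__":
    req = build_token_request("https://yourserver.com", "id", "secret",
                              "alice", "p@ss w&rd", "https://yourserver.com/")
    print(req.get_method(), req.full_url, req.data)
    token = parse_token_response('{"access_token": "tok123", "token_type": "Bearer"}')  # constructed reply
    print(build_me_request("https://yourserver.com", token).full_url)
```

Pass either `Request` object to `urllib.request.urlopen` to send it, and feed the token response body to `parse_token_response`.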