In this article, we will cover how to use WP OAuth Server and OAuth2 to make authenticated requests to WP REST API. Currently, with WP OAuth Server and WP REST API, you MUST either use OAuth or traditional cookies (normal WP login). You CAN NOT use both at the same time. When using WP OAuth Server, ensure you are logged out of WordPress.
How to authenticate?
The first thing that we will need to do is download WP OAuth Server from our account. If you do not have WP OAuth Server, you will need to download it by visiting https://wp-oauth.com/downloads/wp-oauth-server/. Once we have WP OAuth Server installed we can start the process below.
Create a Client
Let’s navigate to our WordPress admin area. With WP OAuth Server installed we will see a link in the main navigation label “OAuth Server”. By hovering over this link we will be presented the link to create a new client. Let give our client a name and select the grant types that we will need to use. Once we have created our client, we will need to make a copy of the “Client ID” and “Client Secret“. We will need to use this information to gain an access token.
Obtaining an Access Token
How we obtain an access token is dependent on our project. In this article, we will be obtaining an access token using the “User Credentials” grant type. We will need to download “POSTMAN“. Once you have Postman installed, we will need to start configuring it. Check out this article for details using Postman.
Using the Access Token
Now that we have an access token, we can use this token to make authorized calls to the WP REST API. There is two ways that we can pass an access token to the API.
- In the URL
- Using a Bearer Token
For simplicity of this article lets use the URL method to send our access token. Below is a simple call to the REST API to retrieve post revisions. HTTP 1.1 GET
If you receive an error about not being authorized to make the call, ensure that you are logged out of WordPress.
If you have any questions, please submit a support request.
Current Version: 3.7.3
Any documentation and or published articles may not reflect the latest WP OAuth Server plugin version. It is always best to stay updated for security.
How To ArticlesBelow is a list of "How To" documentation articles.
- Connect your App to WordPress Users
- WP REST API Bearer Token Authentication
- Enabling WooCommerce API
- Enable User Consent Dialog
- OAuth 2.0 Token Introspection
- Disable Plugin Updates
- Extending the OpenID Discovery API
- OpenID Authentication for WP REST API
- Using a Bearer Token with WP REST API
- How to Authenticate with WP REST API
- Using POSTMAN and WP REST API
- Setup WP OAuth Server for Single Sign On with WordPress
- Extending Endpoints
- Setting up Moodle and WordPress for Single Sign On
- Rocket.Chat OAuth Setup
- Never Expiring Access Token
OAuth Server 3.7.3
WP OAuth Server Pro allows for Unlimited clients and multiple grant types.BUY NOW