Due to the way the REST API was written, scopes serve little purpose with using the default REST API routes. WordPress simply looks at users permissions via capabilities and processes the request.
WP OAuth Server does store and support scopes as far as listening, storing, and presenting, but it does not limit the requests and information based on scopes at this point in time. Scopes are helpful with needed to limit access to users data and needed in times with custom REST API routes to ensure a greater level of security.
WP OAuth Server comes with a public function that you can use to gather the scopes for a given access token.
With this function, you simply pass the access token as the only parameter and it will return all the data about the access token including the scopes.
It is up to the developer for how to use the scopes with any custom API route since scopes are not supported with the REST API currently.
Current Version: 3.8.2
Any documentation and or published articles may not reflect the latest WP OAuth Server plugin version. It is always best to stay updated for security.
How To ArticlesBelow is a list of "How To" documentation articles.
- Connect your App to WordPress Users
- Custom Login Page
- Using User Scopes with WP OAuth Server and REST API
- WP REST API Bearer Token Authentication
- Enabling WooCommerce API
- Enable User Consent Dialog
- OAuth 2.0 Token Introspection
- Disable Plugin Updates
- Extending the OpenID Discovery API
- OpenID Authentication for WP REST API
- Using a Bearer Token with WP REST API
- How to Authenticate with WP REST API
- Using POSTMAN and WP REST API
- Setup WP OAuth Server for Single Sign On with WordPress
- Extending Endpoints
- Setting up Moodle and WordPress for Single Sign On
- Rocket.Chat OAuth Setup
- Never Expiring Access Token
OAuth Server 3.8.2
WP OAuth Server Pro allows for Unlimited clients and multiple grant types.BUY NOW