Description
WordPress OAuth Server allows you to setup your WordPress site as an Identity Server to allow users to Single Sign-On / Login into your client site / application with WordPress Login using OAuth / OpenID Connect protocol flows. WordPress OAuth Server plugin is basically used to use WordPress as your OAuth Server (Identity Server) and access OAuth APIs.
The primary goal of this WordPress OAuth Server / OAuth Provider plugin is to allow users to interact with WordPress and Jetpack sites without requiring them to store sensitive credentials for each application.
The WordPress OAuth Server / OAuth Provider plugin is created in WordPress by virtue of which, user can login to OAuth2 compliant client without remembering it’s credentials. These client applications can be Salesforce, Rocket chat or any other third party applications which support OAuth protocol and allows Single Sign-On. It allows you to use WordPress as your OAuth Server and access OAuth APIs.
You can easily configure the WordPress OAuth server plugin to get the access tokens, or allow clients to request new access tokens and refresh them.
List of Popular OAuth Clients supported
- Rocket.Chat
- Invision Community (IPB Forum)
- Odoo
- WordPress
- EasyGenerator
- Salesforce
- Zapier
- Moodle
- Edunext
- Wickr
- Freshdesk
- FreshWorks
- ServiceNow
- Knack database
- Circlo.so
- Tribe.so
- Mobilize
- Nextcloud
- Church Online
- iSpring LMS
- Nextcloud
- Church Online
- Academy of Mine
- BoardEffect
WordPress OAuth / OpenID Connect Server Use Cases
- If you want to use your WordPress site as a Identity Server / OAuth Server / OAuth Provider and use WordPress user’s login credentials to login into your client site / application then you can use this plugin. You can also decide what kind of User data / attributes you want to send while Single Sign On into your client site / application.
- If you want to login to your Mobile app / Single Page web app (SPA) using your WordPress credentials, then you can use the Authorization code with PKCE flow grant type to achieve your use case.
WordPress OAuth / OpenID Connect Server Free version Features
- Supports WordPress Login / Login with WordPress for Single Client application
- Protocol Support – OAuth 2.0, OpenID Connect and JWT
- Master Switch – Block / unblock OAuth API calls between OAuth Clients and Server
- Token Length – Change the access token length
- Server Response – Sends User ID and username in the response
- Grant types Supported – Authorization Code grant
- OAuth API Documentation
- Setup guides to configure the plugin with various OAuth Clients (more coming soon)
WordPress OAuth / OpenID Connect Server Premium version Features
- All FREE version features
- Supports WordPress Login / Login with WordPress for Multiple Client applications
- Server Response – Sends all the profile attributes along with roles, allows to send custom attributes from usermeta table and also customize the attribute names that need to be sent in server response
- Grant Types Supported : Authorization Code Grant, Implicit Grant, Password Grant, Client Credentials Grant, Refresh Token Grant, Authorization Code grant with PKCE flow
- Token Lifetime – Configure the access token and refresh token expiry time
- Enforce State Parameter – Based on client configuration, you can enable or disable state parameter
- Authorize / Consent prompt – Enable / disable the consent screen
- Redirect/Callback URI Validation – Enable / disable this feature, based on dynamic redirect to a different pages for certain conditions
- Multi-Site Support – Use the plugin in WordPress Multisite network environment
- JWT Signing Algorithm – Supports signing algorithms HSA and RSA
- Additonal endpoints – Provides OpenID Connect Discovery endpoint, Introspection endpoint, OpenID Connect Single logout endpoint
A grant is a method of acquiring an access token. Deciding which grants to implement depends on the type of client the end user will be using, and the experience you want for your users.
We support following grants:
-
Authorization code grant: This code grant is used when there is a need to access the protected resources on behalf of user on another third party application.
-
Implicit grant: This grant relies on resource owner and registration of redirect uri. In authorization code grant user needs to ask for authorization and access token each time, but here access token is granted for a particular redirect uri provided by client using a particular browser.
-
Client credential grant: This grant type heads towards specific clients, where access token is obtained by client by only providing client credentials. This grant type is quiet confidential.
-
Resource owner password credentials grant: This type of grant is used where resource owner has trust relationship with the client. Just by using username and password, provided by resource owner authorization and authentication can be achieved.
-
Refresh token grant: Access tokens obtained in OAuth flow eventually expire. In this grant type client can refresh his or her access token.
-
Authorization code grant with PKCE flow: This grant type is used for public clients like mobile and native apps, Single Page web apps, where there is a risk of client secret being compromised.
REST API Authentication
Rest API are very much open to interact. Creating posts, getting information of users and much more is readily available.
It secures the unauthorized access to your WordPress sites/pages using our WordPress REST API Authentication plugin.
Screenshots
Installation
From your WordPress dashboard
- Visit
Plugins > Add New
- Search for
OAuth 2.0 server
. Find and InstallOAuth 2.0 server
- Activate the plugin from your Plugins page
From WordPress.org
- Download OAuth 2.0 server.
- Unzip and upload the
miniorange-oauth-login
directory to your/wp-content/plugins/
directory. - Activate miniOrange OAuth from your Plugins page.
FAQ
-
I need to customize the plugin or I need support and help?
-
Please email us at [email protected] or Contact us. You can also submit your query from plugin’s configuration page.
Reviews
Contributors & Developers
“WordPress OAuth Server ( Login with WordPress )” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “WordPress OAuth Server ( Login with WordPress )” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
2.13.7
- UI improvement – Copy button for endpoints and client credentials
- Bug fix for supplied_redirect_uri
- Consent screen on every login
2.13.6
- permission_callback warning fix
2.13.5
- minor bug fixes
- added copy button to copy the client credentials and endpoints
- readme update
2.13.4
- minor UI updates
- added compatibility with WP 5.7
2.13.3
- minor bug fixes
- fixed compatibility with Brizzy
- added compatibility with WP 5.6
2.13.2
- minor bug fixes
- fixed issue with deactivation form
- added compatibility with WP 5.5
2.13.1
- Added compatibility with WordPress v5.5
2.13.0
- Added UI fixes
- Updated demo plan fixes
- Minor bugfixes and compatibility fixes
2.12.4
- Licensing tab fix
2.12.3
- Added fixes for some features
- Added option to disable authorize screen
2.12.2
- Added Compatibility with WordPress v5.4
2.12.0
- Performance Improvements
2.11.0
- Fixed bug where blank scope led to blank screen
- Fixed “Deny” button resulting in clicking “Allow”
- Fixed unaccounted bytes error notice on activation
- Updated plugin licensing
- Minor UI Improvements
2.10.0
- Added fixes for Loopback Request failure
- Updated Endpoints based on REST API and Authorize Consent Screen
- Minor Bugfixes
2.9.1
- Fixed migration issue
2.9.0
- Fixed bug where bearer access_token was not recognized.
- Updated Endpoints
2.8.2
- Updated Installation Steps
2.8.1
- Compatibility changes for miniOrange OAuth Single Sign On
2.8.0
- Updated registration form
- Advertised Introspection Endpoint
2.7.0
- Added compatibility for WordPress Version 5.2
- Added fixes for OpenID Connect flow
- Added fixes for OTP related issue
- Updated Endpoints
- Added alternative for Sign Up
- Advertised Scope Based Response
2.6.1
- Fixed conflicts for function generateRandomString()
2.6.0
- Advertised new features as per new Licensing Plan
2.5.6
- Added Compatibility for Rocket.chat
2.5.5
- Fixed OTP related issue
2.5.4
- Updated Licensing Plan
2.5.3
- Added Visual Tour fixes
2.5.2
- Added bugfixes
2.5.1
- Added missing files
2.5.0
- New Features
- Major UI Revamp
- Added Feature Tour
2.4.0
- Compatibility with WordPress 5.1
2.3.0
- Added Feedback Form and Updated UI
2.2.1
- Added support for Invision Community and Rocket.chat
2.2.0
- Updated UI
2.1.0
- Fixed the PHP7.2 Compatibility issue
2.0.3
- Changes in the title
2.0.2
- Added features
2.0.1
- Added support for multiple client
1.0.1
- Initial Release