Plugin Directory

WP OAuth Server

Create and Manage an OAuth 2.0 server powered by WordPress. Become a Single Sign On Provider and or resource server.


  • Fixed bug in refresh token that prevented use of refresh tokens


  • Forced all expires_in parameter in JSON to be an integer
  • Add determine_current_user hook for WP core authentication functionality
  • Added authentication support for WP REST API


  • Patch to possible exploit when editing a client.
  • Slight UI changes.
  • Patched auth code table for large id_tokens.
  • Fixed security issue with token lifetime.


  • Client name is not click able to show edit popup
  • Fixed issue with missing exits in API


  • Added specific OpenSSL bit length for systems that are not create keys at 2048 by default.
  • Added urlSafeBase64 encoding to Modulus and Exponent on delivery.
  • Tweak redirect location in API when a user is not logged in


  • Added userinfo endpoint to /.well-known/openid-configuration
  • Fixed improper return of keys when for public facing /.well-known
  • Auto generation of new certificates during activation to ensure all server have a different signature


  • Switched JWT Signing to uses RS256 instead of HS256.
  • Added OpenID Discovery with REQUIRED fields and values.
  • "sub" now complies with OpenID specs for format type.
  • Added JWT return for public key when using OpenID Discovery.


  • Bug fix in OpenID


  • Fixed "Undefined Error" in Authorization Controller. Credit to Frédéric. Thank You!
  • Remove "Redirect URI" Column from clients table to clean up table on smaller screens.
  • Updated banner and plugin icon.


  • Removed permalink check. OAuth Server now works without the use of permalinks.
  • Fixed install functionality. Not all tables were being installed.
  • Added support for cytpto tokens.
  • Added OpenID Connect abilities.
  • Mapped OpenID Claims to default user values
  • Added index to token table and increased access_token length to support crypto tokens in the future.
  • Added "email" to default me resource to support OpenID Connect 1.0
  • Added generic key signing for all clients.
  • Added public endpoint for verifying id_token (/oauth/public_key)


  • Updated Readme.txt content
  • Add more descriptive text during PHP version check
  • Fixed license links
  • Added Access Token and Refresh Token lifetime settings
  • Added upgrade method to ensure proper installing of new features


  • Modified how clients are added and edited
  • Add Pro Features
  • Added additional information to "Server Status" Tab
  • Minor Clean Up


  • Re added Authorization Code Enable Option
  • API unavailable error now uses OAuth Response object
  • API now reports when access token is not provided during resource calls


  • Updated cover image.
  • Fixed documentation links.
  • Added "Server Status" tab
  • Cleaned up "Advanced Configuration" contents.


  • Updated and rebuilt structure.
  • Visit http://wp-oauth.com for documentation and more information.


  • Rebuild init plugin code structure for more flexibility and scalability.
  • Added prefix to all DB connections
  • Changed install query to use the InnoDB engine for better support and performance.
  • Fixed improper loading of plugin style sheet.
  • Removed garbage data when plugin is activated. It was not being used and cluttering the code base as well as the database.
  • Move action template_redirect to rewrites file
  • Added login form support for installs that are installed in sub directory
  • Added missing in documentation for when calling requesting_token
  • Suppressed some errors that was preventing a proper JSON return when WP_DEBUG was enabled.
  • Added a client sample script to help learn the basics of connecting to the provider plugin.
  • Add legacy installer that will hopefully keep old data in tacked while updating to the new structure with no data loss.
  • Removed plugin logging as it was not really needed and caused more issues that it was worth.


  • Fixed Admin URL links for plugin dashboard


  • Fixed Broken login redirect


  • Re-worked Readme.txt
  • Fixed absolute paths causing 404 Error when WordPress is running under a sub directory (Using admin_url() currently)



Requires: 4.2 or higher
Compatible up to: 4.2.3
Last Updated: 2015-7-15
Active Installs: 500+


4.9 out of 5 stars


2 of 3 support threads in the last two months have been resolved.

Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.