OAuth2

OAuth2 copied to clipboard

As of [WordPress 5.5](https://core.trac.wordpress.org/changeset/48526), if a permission_callback is not provided, the REST API will issue a _doing_it_wrong notice. This is a function that checks if the user can perform the...

amberjones

I added support for password grant type_

drsounds

Change filter names

2

To follow coding standards, change filter names and deprecate current filters.

spacedmonkey

In cases where a given oauth application is a first party client, it may be that one wants to disable the Authorization form (as it wants to be auto-allowed). This...

joehoyle

#18

almirbi

Validating redirect_uri according to rfc6749 4.1.3

1

https://tools.ietf.org/html/rfc6749#section-4.1.3 Check whether redirect_uri matches the one in the initial request; ```validate_redirect_uri``` function does not return a registered callback from the DB anymore, if no redirect_uri has been given, as...

almirbi

Clients marked as confidential need their secrets checked. Not yet complete, need to read the spec and ensure this covers all bases. Fixes #27.

rmccue

Docs are still for OAuth1

3

The documentation needs updating for OAuth2 https://github.com/WP-API/OAuth2/blob/master/docs/basics/Signing.md

kosso

ssia

g000m

Personal tokens are enabled by default. There should be a way for site admins to toggle this on or off.

szczys