OAuth2
OAuth2 copied to clipboard
WP-API
Connect applications to your WordPress site without ever giving away your password.
Once up and running, I am unable to delete the app or regenerate it's secret. I get the error message "Cheatin’ uh? You are not allowed to delete this application."
Hi guys, I'm developing a few mobile apps that will be used with multiple sites. I need a way to automate the creation of the same oauth2 app with the...
We need to make sure this plugin is thoroughly tested. Step 1 is adding the unit test framework.
Access tokens need to support expiration, and refresh tokens need to be issued to clients during the regular flow. https://tools.ietf.org/html/rfc6749#section-6
For setting a client's details (including name, description, logo, and probably scopes), we should add a Customiser-based view that does this, which would allow client authors to see exactly how...
We need to support [PKCE](https://tools.ietf.org/html/rfc7636), which allows secure use of redirections by public clients where the redirection can be hijacked.
`Tokens\Authorization_Code::validate` takes an `$args` parameter, but we a) don't pass any data in, and b) don't do anything with it. 🙃 Per [the spec](https://tools.ietf.org/html/rfc6749#section-4.1.3), we need to validate `redirect_uri` matched...
We have client secrets generated currently, but these aren't used or required anywhere. We need to require them (per spec) if the client is in confidential mode (as set in...
Clients should be able to have a logo. We can store this as the featured media for the underlying post.