ehsan khormali

Reputation: 113

How to implement oAuth2 on WordPress based website?

I own a WordPress based website and am trying to write an Android app for it. I already tried to check out WordPress's open source Android app, but couldn't figure it out. I want to implement oAuth-2.0 login for the app. Does WordPress have built-in support for oAuth-2.0? How can I implement it on the client and server side? Do I need to use a 3rd-party plugin, and is it safe to use plugins?

Upvotes: 2

Views: 1323

Answers (2)

Lana Codes

Reputation: 404

Your WordPress website needs an OAuth2 server plugin. This is our premium product: https://lana.codes/product/lana-passport/

You can try it with the demo, and there is also detailed documentation for it.

The OAuth2 server plugin provides the authentication server that is connected to the WordPress user system. It also provides the /authorize, /token and /resource endpoints, to which the client can connect and generate a token, and then use the token to access user data. The Android app will need to connect to these endpoints.

Basically, the Authorization Code grant type should be used for this purpose, because it also provides the WordPress login interface if you are not logged in and need to identify yourself. This is the most user-friendly and most popular grant type.

But it is possible that in the case of an Android app it is more beneficial to use the User Credentials grant type.

It is completely safe to use. We pay a lot of attention to security.

However, we also found serious vulnerabilities in several other OAuth plugins:

https://lana.codes/lanavdb/0bab7575-45fc-432d-945e-6100c35c574c/ (CVE-2022-2083)

https://lana.codes/lanavdb/12bb3c02-45f1-4ce8-8a5a-8b44352cf7fc/ (CVE-2022-2133)

https://lana.codes/lanavdb/6d794d65-d44b-4099-94c5-3dd2995b218c/ (CVE-2022-34149)

Upvotes: 1
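The answer above describes the Authorization Code grant against the plugin's /authorize and /token endpoints. Because an Android app is a public client that cannot keep a client secret, the usual hardening is PKCE plus a state parameter. The following simulation, added here as an illustration and not code from the original post or from the Lana Passport plugin, plays both sides offline: a client that builds the /authorize request and checks the callback, and a toy authorization server that binds each one-time code to the PKCE challenge and redirect URI. All URLs, the client id and the user name are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders; a real app uses the endpoints the plugin documents.
AUTHORIZE_URL = "https://wp.example.invalid/oauth/authorize"
TOKEN_URL = "https://wp.example.invalid/oauth/token"
REDIRECT_URI = "https://app.example.invalid/oauth2/callback"
CLIENT_ID = "android-app"  # placeholder client id registered at the server


def b64url(data: bytes) -> str:
    """Base64url without padding, as used for PKCE values and the state token."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def build_authorize_request():
    """Client side: create state + PKCE verifier, remember them, build the /authorize URL."""
    state = b64url(secrets.token_bytes(16))
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, within the PKCE 43..128 range
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params), {"state": state, "verifier": verifier}


class ToyAuthServer:
    """Server side stand-in: issues one-time codes bound to challenge and redirect_uri."""

    def __init__(self):
        self.codes = {}

    def authorize(self, url, logged_in_user):
        """Simulates the user having logged in through WordPress and approved the app."""
        q = parse_qs(urlparse(url).query)
        if q["client_id"][0] != CLIENT_ID or q["redirect_uri"][0] != REDIRECT_URI:
            raise ValueError("unregistered client_id or redirect_uri")
        code = b64url(secrets.token_bytes(24))
        self.codes[code] = {
            "user": logged_in_user,
            "challenge": q["code_challenge"][0],
            "redirect_uri": q["redirect_uri"][0],
        }
        return REDIRECT_URI + "?" + urlencode({"code": code, "state": q["state"][0]})

    def token(self, form):
        """Exchange a code for a token; the code is consumed on first use."""
        rec = self.codes.pop(form.get("code"), None)
        if rec is None or form.get("redirect_uri") != rec["redirect_uri"]:
            return {"error": "invalid_grant"}
        expected = b64url(hashlib.sha256(form.get("code_verifier", "").encode()).digest())
        if not hmac.compare_digest(expected, rec["challenge"]):
            return {"error": "invalid_grant"}
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer"}


def handle_callback(callback_url, pending):
    """Client side: reject a callback whose state does not match, then build the token request."""
    q = parse_qs(urlparse(callback_url).query)
    if not hmac.compare_digest(q.get("state", [""])[0], pending["state"]):
        raise ValueError("state mismatch: discard the response")
    return {
        "grant_type": "authorization_code",
        "code": q["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": pending["verifier"],
    }


def run_flow(server, user="alice"):
    """Full exchange, then a replay of the same code, which the server must refuse."""
    url, pending = build_authorize_request()
    callback = server.authorize(url, user)
    form = handle_callback(callback, pending)
    first = server.token(form)
    replay = server.token(form)
    return first, replay


if __name__ == "__main__":
    srv = ToyAuthServer()
    print(run_flow(srv))
```

The properties worth keeping in mind when reviewing any plugin or client: the code is single-use, the token request must carry the same redirect_uri that was authorized, the verifier must hash to the challenge sent earlier, and the client must bind the callback to its own pending request through state before it sends anything to /token.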

Cao Minh Vu

Reputation: 1948

Does WordPress have built-in support for oAuth-2.0?

Yes, please refer this link: https://wordpress.org/plugins/oauth2-provider/

How can I implement it on the client and server side?

For server side, please refer to: https://developer.wordpress.com/docs/oauth2/

For the client side, you can use a well-known library like Retrofit to connect to your server. The link above also provides examples of what the client side should do.

Do I need to use a 3rd-party plugin, and is it safe to use plugins?

Yes, WordPress needs a plugin for this. Just pick a well-known plugin and you should be safe.

Upvotes: 1
