Role Of Oauth 2 In Wordpress Development

By Author: Dharmesh Aegis
Total Articles: 105
Comment this article

Wordpress is a powerful personal publishing platform that has strong focus on aesthetics, web standards and great usability. Wordpress is used by developers for wordpress development which adds to the looks of the blog and websites. Wordpress company has added the support for authentication protocol OAuth 2 to Wordpress.com because they want wordpress to be much more than a simple web based blogging software service.
Wordpress developers can now easily connect third party apps with wordpress blogs through this secure OAuth 2. In this article we will discuss about it and see how wordpress developers can easily configure their applications to get the ability to access the blog even without asking for personal details like username or password.
OAuth2 is a protocol which allows apps and partners to interact with the blogs on WordPress.com. Wordpress development has gained immense popularity with the amazing features introduced continuously. Basic aim behind offering OAuth2 support is to allow interaction between wordpress developers and wordpress.com without any necessity of storing sensitive credentials. Users are ...
... free to manage their own connections with its implementation.
Doesn’t matter if you are a fresher you can find more details or information at oauth.net. And if you are familiar with OAuth2 then you require very little knowledge to know about two end points that is the authorization endpoint and token endpoint.


public-api.wordpress.com/oauth2/authorize

public-api.wordpress.com/oauth2/token
Wordpress developers need to create a client id and a client secret key before they start with the development of an application. These both are needed for authentication of your application and for verification of the calls whether they are been made to Wordpress.com are valid or not. As seeing the current situation they are granting only a limited access.
Receiving an Access Token:
If you want to act on the behalf of users and make calls from API then you will need an access token. To get it you are required to go through the access token flow and then prompt the user to authorize the application. These tokens are given per blog per user so it means that you require a different access token for each blog that a user owns and you want to access.

For beginning send the user to authorization end point.
public-api.wordpress.com/oauth2/authorize?client_id=your_client_id&redirect_uri=your_url&response_type=code
Client id should be set to your application’s client id
The response_type should always be set to “code”.
Redirect_uri should be set to URL
Redirect_uri should be set and given to you along with the id and secret key.
In the next step a code will be included to redirect the application and in case the user denies access then redirect will include:
?error=access_denied

The other option is that you may also pass along a blog parameter with the URL to the blog. At the time you are done with the authorization of the request your clients will be redirected to the redirect_url which will look like:
example.com/?code=cw9hk1xG9k
With the use of time-limited code, your application is able to exchange full authorization token. To fulfil this task make a POST request like:
01    $curl = curl_init( "public-api.wordpress.com/oauth2/token" );

02    curl_setopt( $curl, CURLOPT_POST, true );

03    curl_setopt( $curl, CURLOPT_POSTFIELDS, array(

04    'client_id' =>your_client_id,

05    'redirect_uri' =>your_url,

06    'client_secret' =>your_client_secret_key,

07    'code' => $_GET['code'],

08    'grant_type' => 'authorization_code'

09    ) );

10    curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1);

11    $auth = curl_exec( $curl );

12    $secret = json_decode($auth);

13    $access_key = $secret->access_token;
Then passclient_id, client_secret, and redirect_uri which should match with your application’s parameters. You will receive a JSON-encoded string that contains token and some basic information about the blog:
{"access_token":"--------","token_type":"bearer","blog_id":"blog id","blog_url":"blog url"}
After getting the access token it should be stored securely with the blog id and blog url. Your application is ready to act on behalf of the user on this specific blog.

For More Info:- Offshore Wordpress Development | Wordpress Developers