|
1 | | -# [WP REST API - OAuth 1.0a Server](http://oauth1.wp-api.org/) |
| 1 | +# OAuth 2.0 for WordPress |
2 | 2 |
|
3 | 3 | Connect applications to your WordPress site without ever giving away your password. |
4 | 4 |
|
5 | | -This plugin uses the OAuth 1.0a protocol to allow delegated authorization; that is, to allow applications to access a site using a set of secondary credentials. This allows server administrators to control which applications can access the site, as well as allowing users to control which applications have access to their data. |
| 5 | +This plugin uses the OAuth 2 protocol to allow delegated authorization; that is, to allow applications to access a site using a set of secondary credentials. This allows server administrators to control which applications can access the site, as well as allowing users to control which applications have access to their data. |
6 | 6 |
|
7 | | -This plugin only supports WordPress >= 4.4. |
| 7 | +This plugin only supports WordPress >= 4.8. |
8 | 8 |
|
9 | | -The latest stable version is also available from the [WordPress Plugin Directory](https://wordpress.org/plugins/rest-api-oauth1/). |
| 9 | +## Warning |
10 | 10 |
|
11 | | -## New to OAuth |
12 | | - |
13 | | -We strongly recommend you use an existing OAuth library. You'll be best off if you understand the authorization process, but leave the actual implementation to well-tested libraries, as there are a lot of edge cases. |
14 | | - |
15 | | -Start reading from [the Introduction](docs/introduction/README.md) to get started! |
16 | | - |
17 | | -## For OAuth Veterans |
18 | | - |
19 | | -If you already know how to use OAuth, here's the lowdown: |
20 | | - |
21 | | -* The plugin uses **OAuth 1.0a** in |
22 | | -* We use the **three-legged flow** |
23 | | -* To find the REST API index, apply the [API autodiscovery process](http://v2.wp-api.org/guide/discovery/) |
24 | | -* The endpoints for the OAuth process are available in the REST API index: check for `$.authentication.oauth1` in the index data. |
25 | | - * The **temporary credentials** (request token) endpoint is `$.authentication.oauth1.request` (typically `/oauth1/request`) |
26 | | - * The **authorization** endpoint is `$.authentication.oauth1.authorize` (typically `/oauth1/authorize`) |
27 | | - * The **token exchange** (access token) endpoint is `$.authentication.oauth1.access` (typically `/oauth1/access`) |
28 | | -* Your callback URL must match the registered callback URL for the application in the scheme, authority (user/password) host, port, and path sections. (**Subpaths are not allowed.**) |
29 | | -* The only signature method supported is **HMAC-SHA1**. |
30 | | -* OAuth parameters are supported in the Authorization header, query (GET) parameters, or request body (POST) parameters (if encoded as `application/x-www-form-urlencoded`). **OAuth parameters are not supported in JSON data.** |
| 11 | +This is in extremely early beta, and does not work yet. Please help us out and contribute! |
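Review bot: the new README (new lines 5 to 11) removes the whole "For OAuth Veterans" section without an OAuth 2.0 replacement, so the callback-matching rule from old line 28 ("Subpaths are not allowed"), the endpoint discovery notes and the supported-parameter notes are no longer documented anywhere. Even for an early beta, add a short section stating which grant types are planned, where the authorization and token endpoints will be exposed, and how the redirect URI is compared against the registered one, or say explicitly that these are still undecided. The Warning text on new line 11 would also be clearer if it said outright that the plugin should not be enabled on a production site, and "OAuth 2" on new line 5 should read "OAuth 2.0" to match the new title on line 1.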