All You Need to Know About WP OAuth - a tool to set up SSO on your website
You may have come across a website that redirects you to another website and, instead of asking you to share your password, shows you a consent dialog.
The dialog box usually says something like “This application is asking if it can access data on your behalf” and lists the information that it can access from your account.
This protocol is called OAuth. It allows you to access other websites from certain websites directly without re-entering your username and password.
There are several plugins that offer this kind of protocol to be applied to your WordPress website. So, in this article, we are going to review one of the WordPress plugins to use OAuth, WP OAuth Server.
Getting Started
WP OAuth is a plugin that allows you to add an OAuth 2.0 server to your WordPress site. With this, you can use your website as a Single Sign-On (SSO) and authorization provider for third parties, including mobile apps or desktop software. The purpose of this plugin is to provide an easy-to-use authentication and authorization method for giving other people access to your website while protecting the owner’s account credentials.
Created by Justin Greer, this plugin has 3000+ active installations in WordPress. It is also ideal for small to enterprise-size projects that want to lessen their development workload. For instance, major organizations like NYPD, Harvard University, UK Government, and Future Forest are using WP OAuth to secure their website access.
The WP OAuth plugin is scalable, fast, and secure. The plugin also supports OpenID and has predefined grant types that let it connect with any type of software. It is available in both free and premium versions.
What are OAuth 2.0 and SSO?
OAuth stands for “Open Authorization”, a protocol that allows a website or application to access resources hosted by other web apps on behalf of a user. The newest version of it is OAuth 2.0. With this, other people are able to access your website with your consent using access tokens, without the need to share your website’s credentials.
As for SSO, or “Single Sign-On”, it is the authentication process that allows a user to access multiple WordPress sites using the same username and password. SSO can be accomplished by using different authorization protocols, like the OAuth 2.0 mentioned above.
There are several advantages to using SSO:
- Users can log into multiple websites without having to reauthenticate for each system.
- Utilizes a single standard throughout a network or system of websites, making data uniform.
- Streamlines the flow of users from and to systems.
Why should I use WP OAuth?
- Easily log in to other websites with the same username and password
- Connect multiple websites or applications
- Allow other users to access your website without giving them your password
- Set restrictions for other users when they access your website
What are the features of WP OAuth?
- WP REST API Authentication: provides the ability to make authorized calls to protected REST API endpoints.
- WP REST API LockDown: prevents any calls to the REST API unless authorized.
- Unlimited OAuth 2.0 Clients
- Support for Implicit Flow
- Built-In Resource Server
- Automated Authorization Flow: you do not have to see the authorization screen to control your authorization.
- Easily Extend/Modify the Endpoints
- OAuth 2.0 PKCE
- Modern and Legacy JWT authorization support (OAuth 2.0 JSON Web Token Support)
How is the connectivity of WP OAuth?
WP OAuth has predefined grant types to make any connection type possible.
Here is the list of supported grant types:
- Authentication Code w/Implicit
- User Credentials (Pro)
- Client Credentials (Pro)
- Refresh Token (Pro)
- OpenID Connect (Pro)
- OpenID Discovery
- Public Clients (Pro)
- Public Client Proof of Key Exchange (PKCE)
In addition, the WP OAuth plugin supports other apps, including:
- Connect any custom mobile and desktop application to WordPress’s backend.
- Any software or web platform utilizing OAuth 2.0.
- Allows RocketChat to use WordPress as a backend.
- Connect Moodle LMS and use WordPress users.
- Alexa Skills Authentication
- Tribe.so Community OAuth 2 SSO Support
How is the pricing of WP OAuth?
If you want the premium features of WP OAuth, it offers 3 licenses:
- Personal (for 1 site) – $89.00
- Business (for 3 sites) – $149.00
- Developer (unlimited sites) – $499.00
Find out more about WP OAuth’s pricing.
What is the difference between free and premium versions?
The free version of WP OAuth is suitable for simple website-to-website connections and is already capable of Single Sign-On projects. However, it only includes authentication code as the grant type.
On the other hand, when you need more connectivity, WP OAuth Pro is available. The Pro version opens up all the OAuth authorization schemes and allows you to expand your authentication needs to desktop software, mobile applications, and other setups. If you buy WP OAuth Pro, you will receive premium support, access to exclusive product launches and updates, and access to the developers that built WP OAuth Server.
Where can I get WP OAuth?
There are 2 ways to get the WP OAuth plugin:
- Search “WP OAuth Server” in the WordPress plugin directory, click install, then activate it.
- Download the plugin, upload it to the WordPress plugin directory, then activate.
Read more about WP OAuth setup & configuration.
How to use WP OAuth?
Pros
- Provides a plugin to support OAuth 2.0
- Works well
Cons
- Poor customer support
- Limited features in free version
Conclusion
WP OAuth is a WordPress plugin to set up your site with OAuth 2.0 so that you can use SSO on your website. This plugin is scalable, fast, and secure, perfect for small to enterprise organizations that need to secure access to their website. Moreover, it can connect any type of software to your website, as WP OAuth supports OpenID and all other grant types. You can choose between the free and the premium version of WP OAuth Server according to your needs.