Protect a WP REST API with OAuth2 using Auth0
This repo contains a working MU plugin that will receive and validate access tokens obtained from Auth0. For information on how this works and the values used withing please see the post here:
Add your Auth0 credentials to
wp-config.php or another location that will get loaded before plugins.
// Auth0 credentials define( 'AUTH0_DOMAIN', 'Your Auth0 domain' ); define( 'AUTH0_API_AUDIENCE', 'API identifier for the WP REST API' ); define( 'AUTH0_API_SIGNING_SECRET', 'API signing secret from Auth0' );
Install this package:
composer require joshcanhelp/wp-rest-api-auth0
Require the autoloader at some point when
add_action is available, like in
To install this manually without Compsoer, just download the latest release ZIP and upload through the admin interface. Please note that this plugin will not update automatically; updates will need to be made by deleting and re-adding (make sure your site is in maintenance mode) or directly via an FTP client (not recommended).
You can get this running to test using Docker using this Gist.