Open TimothyBJacobs opened 4 years ago
An example software statement:
```json
{
  "software_id": "A uuid",
  "redirect_uris": [
    "https://example.org/oauth"
  ],
  "client_name": "Your Client"
}
```
Software statements can now be unsecured, i.e. with a "none" algorithm instead of the dummy password we had.
I've also added a WP CLI command to assist in generating the software statement. Example usage:
```
usage: wp oauth2 create-software-statement <client_uri> [<software_id>] --client_name=<client_name> --redirect_uri=<redirect_uri> [--<field>=<value>]

$ wp oauth2 create-software-statement https://timothybjacobs.com --client_name="My App" --redirect_uri="https://timothybjacobs.com/oauth"
Generated software id: 9d2f6eba-2b66-4fbc-9d31-63edd7a6b2f9
Success: Generated Statement: "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJjbGllbnRfdXJpIjoiaHR0cHM6XC9cL3RpbW90aHliamFjb2JzLmNvbSIsInNvZnR3YXJlX2lkIjoiOWQyZjZlYmEtMmI2Ni00ZmJjLTlkMzEtNjNlZGQ3YTZiMmY5IiwicmVkaXJlY3RfdXJpcyI6WyJodHRwczpcL1wvdGltb3RoeWJqYWNvYnMuY29tXC9vYXV0aCJdLCJjbGllbnRfbmFtZSI6Ik15IEFwcCJ9."
```
It spits out a software id you can use as your `client_id` when making a connect request. Note the trailing `.` is part of the JWT.
To use a dynamic client, make the same OAuth connection request but substitute a JWT Software Statement for the `client_id` parameter. At the moment, the JWT should be signed with `HS256` and `password` as the secret (this will be changed).

The flow will continue as normal. When the user is redirected back to the redirect_uri it will include a `client_id` parameter in addition to authorization code or token.
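Added example, not part of the pull request or the plugin's code: a Python sketch that decodes the unsecured statement printed by the CLI above and shows the checks a receiving server can still apply when nothing is signed. The function names and the exact-match and https rules for `redirect_uri` are assumptions for illustration.

```python
import base64
import json

# Statement copied from the CLI output above; the trailing dot is the
# empty signature segment of an alg=none JWT.
STATEMENT = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0."
    "eyJjbGllbnRfdXJpIjoiaHR0cHM6XC9cL3RpbW90aHliamFjb2JzLmNvbSIsInNvZnR3YXJlX2lkIjoi"
    "OWQyZjZlYmEtMmI2Ni00ZmJjLTlkMzEtNjNlZGQ3YTZiMmY5IiwicmVkaXJlY3RfdXJpcyI6WyJodHRw"
    "czpcL1wvdGltb3RoeWJqYWNvYnMuY29tXC9vYXV0aCJdLCJjbGllbnRfbmFtZSI6Ik15IEFwcCJ9."
)


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def parse_unsecured_statement(token):
    """Return the claims of an alg=none statement, or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature (trailing dot kept)")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header.get("alg") != "none":
        raise ValueError("signed statement: verify the signature instead")
    if parts[2] != "":
        raise ValueError("alg=none must carry an empty signature segment")
    return claims


def check_connect_request(token, redirect_uri):
    """Hypothetical server-side check. The claims are self-asserted, so the
    only thing pinned here is that the redirect matches the statement."""
    claims = parse_unsecured_statement(token)
    uris = claims.get("redirect_uris")
    if not isinstance(uris, list) or redirect_uri not in uris:
        raise ValueError("redirect_uri is not listed in the software statement")
    if not redirect_uri.startswith("https://"):
        raise ValueError("redirect_uri must use https")
    software_id = claims.get("software_id")
    if not isinstance(software_id, str) or not software_id:
        raise ValueError("software_id missing from the software statement")
    return software_id


if __name__ == "__main__":
    print(check_connect_request(STATEMENT, "https://timothybjacobs.com/oauth"))
```

Because an unsecured statement proves nothing about who issued it, `client_name` and `client_uri` are display hints only and should be shown to the user alongside the redirect host on the consent screen.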