This plugin is a full OAuth 2.0 authorization server/provider for WordPress. The goal of WP OAuth Server is to provide an easy to use authorization method that 3rd party platforms can use to securely authorize users from your WordPress site.
I'm able to successfully retrieve an access token using this plugin but when I wish to attach it to an API requests (say /oauth/me/) it only appears to work when the access token is a parameter, rather than a header.
If I hit http://54.253.241.207/oauth/me/?access_token=XXXXXXXXXX the requests returns successfully. Yet when I use the 'Authorization: Bearer XXXXXX' header I get a 400 response with the response {error: "invalid_request", error_description: "Missing or invalid parameter(s)"}.
Am I right to think that authentication using the 'Authorization' header should still work in the free version of the plugin?
Full Gist of the cURL response is here and the header definitely seems to be present.
I'm able to successfully retrieve an access token using this plugin but when I wish to attach it to an API requests (say /oauth/me/) it only appears to work when the access token is a parameter, rather than a header.
If I hit http://54.253.241.207/oauth/me/?access_token=XXXXXXXXXX the requests returns successfully. Yet when I use the 'Authorization: Bearer XXXXXX' header I get a 400 response with the response {error: "invalid_request", error_description: "Missing or invalid parameter(s)"}.
Am I right to think that authentication using the 'Authorization' header should still work in the free version of the plugin?
Full Gist of the cURL response is here and the header definitely seems to be present.
Thanks for any help.