Oauth v2 & WordPress

I’m trying to get FormLift using Oauth v2, but FormLift is a client owned application on each individual WordPress Site,

So, can some explain how that would work?

My initial thought was to authorize through formlift.net as kind of a gateway, but I’m not sure how requesting and refreshing tokens would work in that regard…

Bringing over my answer from the Facebook group

You essentially have to create a token proxy service that handles all the tokens and then sends them to the WordPress install.
I’ve attached a basic flow chart for the initial authorization.


Personally, for plugin authentication, I just add a table to the wordpress database when ever a call is run it will include reading the tokens and testing them. If they fail then try a refresh. If the refresh fails then there was some other uncommon issue and authentication would need to be requested again.

The option of using a proxy service has been talked about among some of us developers and it is another approach but, of course, requires someone hosting the proxy and managing the refresh cycles for any managed sets of tokens.

but the issue is the end user has to have the HTTPS protocol on their site to use the oauth, thus using a proxy solves that problem.

I’m happy to host the proxy so I think I’m going to go with that.

1 Like