Multiple Grant Support
Applies to : Premium or Higher version
- This feature allows you to select any grant type based on your OAuth Provider.
- List of grant type support we provide:
- Authorization Code Grant
- Resource Owner Credentials Grant (Password Grant)
- Implicit Grant
- Refresh token Grant
- PKCE Grant
NOTE - Refresh Token Grant will be used by default. This will be in effect with every other grant.
How to configure different grant types?
- Navigate to the “Configure OAuth” tab and click on “Edit Application” link in front of the application that you want to configure a specific grant type for, like shown below:
- Here, you will find an option to select the Grant Type for the application. Like shown below:
- We use Authorization Code Grant by default. However, you can choose any of the grants available here. Namely - Authorization Code Grant, Implicit Grant and Password Grant.
How to configure Authorization Code/Implicit Grant?
- We already use Authorization Code Grant by default.
- If you are using any of these grants, you probably do not need to do anything special.
- That said, if you are using OpenID Connect Provider, you will need to configure the JWT Support. Please check the JWT Support section.
- If you are using Implicit Grant, it is more likely that you are using OpenID Connect Provider.
- You should also check out OpenID Connect Support section.
How to configure Password Grant?
- When you select Password Grant from the Grant Type menu and save the settings, you will be provided with a new option under the Grant Type menu.
- If you want your users to be able to log into your website with the default WordPress login form, you can check this option.
NOTE - This applies to all the forms that log in the user into WordPress as a whole.
Where is Refresh Token Grant?
Refresh token is used by default to refresh the Access Tokens received during SSO. You can get the refresh token with a hook that we provide.
Please refer the WP Hooks section for more details.
How to configure PKCE flow?
Important: Make sure your OAuth/OpenID provider has support for Authorization code grant with PKCE.
Make sure you have selected grant type as Authorization Code Grant for you OAuth provider.
NOTE - You can enter any value in the client secret field if not provided by your provider.
To enable the PKCE flow for your OAuth / OIDC provider, enable the below PKCE checkbox in the Advanced Grant Type Configuration.