Skip to main content

Exchange OAuth authorization code for a WordPress JWT (GET)

GET 

/oauth/token

Browser-redirect flow: exchanges a provider authorization code for a WordPress session and redirects the browser to the WordPress admin (or login page on failure). The provider must be enabled in the plugin settings.

Supported providers: google, auth0, facebook, github.

Google flow - pass provider=google with code.

Auth0 flow - pass provider=auth0 with code.

Facebook flow - pass provider=facebook with code.

GitHub flow - pass provider=github with code.

If the OAuth identity matches an existing WordPress user (by email), the user is logged in. If no match is found and "Register on OAuth login" is enabled, a new user is created automatically. On failure the browser is redirected to the WordPress login page.

Note: this endpoint is designed for browser redirect callbacks (OAuth consent screen redirect_uri). To obtain a JWT programmatically, use POST /oauth/token instead.

Request

Responses

Browser redirected to the WordPress admin URL after a successful login, or to the WordPress login page on failure. The response body is empty HTML.