Skip to main content

Exchange OAuth token for a WordPress JWT (POST)

POST 

/oauth/token

API flow: exchanges a provider-issued token for a WordPress JWT and returns the WordPress user profile. Use this variant for programmatic API clients. The provider must be enabled in the plugin settings.

Supported providers: google, auth0, facebook, github.

Google - supply code (authorization code) or id_token (Google Sign-In ID token). The id_token path returns a WordPress JWT directly; the code path returns the raw Google token response for the client to handle.

Auth0 - supply code (authorization code).

Facebook - supply access_token (Facebook user access token). Returns a WordPress JWT.

GitHub - supply access_token (GitHub user access token). Returns a WordPress JWT.

If the OAuth identity matches an existing WordPress user (by email), a WordPress JWT is returned. If no match is found and "Register on OAuth login" is enabled, a new user is created automatically.

Request

Responses

OAuth login successful. Returns the WordPress user and a JWT.