OAuth plugin for WordPress
December 28th, 2013 by andre

The OAuth plugin for WordPress allows you to provide authentication against any OAuth provider. This plugin is uses the OAuth library by Manuel Lemos. The plugin allows the admin to select any from the services supported out-of-the-box by the said library. Additionally it is possible to configure a service manually, which means almost any site supporting the OAuth protocol can be used.

Please note the plugin has been submitted to to be added to their website. Until it is approved, manual installation is required. Download the file and upload it to the WordPress admin panel, select plugins -> add new, and then choose upload from the top menu. Alternatively upload the files manually.

BlaatSchaap SSO: Oauth 0.4.2
BlaatSchaap SSO: OAuth 0.4.1
BlaatSchaap SSO: OAuth 0.4
BlaatSchaap SSO: OAuth 0.3.6
BlaatSchaap SSO: OAuth 0.3.5
BlaatSchaap SSO: OAuth 0.3
BlaatSchaap SSO: OAuth 0.2
BlaatSchaap SSO: OAuth 0.1


Please add three empty pages. One for logging in to your website, one for linking OAuth to local user accounts, and one for signing up. Go to the BlaatSchaap Auth pages configuration and select the pages you’ve just created. Once this is done, services can be added.

You will need to register an app with the authentication provider. When you have registered the app, you will be provided with a client id and client secret. The names used by service providers may vary. Enter these values and you’re (almost) ready to go. Certain providers *require* a default scope to be set. Set this to basic profile or email or so to make it work. Below are a few examples with links where you can register an app.

To register an app, go to
Click “show” to reveal the sercret, and enter the App-id and app-secret into the client id and client secret fields on the BlaatSchaap OAuth configuration.
Facebook does not require a scope. The scope for email is be “email”

Go to to register your app.
Enter the client id and client secret at the corresponding fields in the BlaatSchaap OAuth configuration.
Google requires a default scope. For authentication, Google recommends using the Google+ profile “”. The scope for email is “”

Go to to register an app. Enter the client id and client secret at the corresponding fields in the BlaatSchaap OAuth Configuration.
Microsoft requires a default scope. For example “wl.basic” gives access to the basic profile.

54 Responses  
  • HC writes:
    January 11th, 201423:22at

    Just installed the plugin and set up authentication with Google and Facebook. A couple of screenshots would be helpful, but otherwise it’s all good. Is the plugin still under development?

    • andre writes:
      January 11th, 201423:29at

      Yes, I am still working on it. But it is like, I’m working on it in spurts, so I have no estimate for the next release. I’ll look at writing some more documentation, and include some screenshots. I’m planning to do some graphics updates to include more service icons. I’m also considering support adding for uploading custom icons.

  • Candice writes:
    January 20th, 201423:09at

    I’m excited to give this a shot. I will be trying configure a service manually (

    • andre writes:
      January 20th, 201423:21at

      If you could provide feedback if it works, I would be grateful.
      From experience I know some sites, like, give trouble.

      • Candice writes:
        March 17th, 201421:23at

        Hi Andre:

        I’m having difficulty getting this set up with our platform ( I would be forever grateful for any assistance you might be able to provide me as I am most definitely a noob at this! I have token retrieval instructions from the developers at Kona which may be helpful to you?

        • andre writes:
          March 18th, 201400:17at

          I have sent you an email.

  • Chris writes:
    March 16th, 201406:03at

    Hi there this plugin works brilliantly, thanks.

    I just have one question and problem.
    Im trying to write a cookie that holds wp username, provider client name and token to a cookie upon successful login, but this isnt working.
    Could you be so kind as to advise where this can be placed or what to do so that wordpress can drop the cookie? Please its rather urgent.

    Thanks in advance.

    • andre writes:
      March 17th, 201414:07at

      I am using a PHP session to store the data needed to process the OAuth request.
      I think the problem you’re experiencing is that you’re trying to set a cookie on a page that contains a http redirect.

  • anon writes:
    March 25th, 201417:34at

    How do I designate certain user accounts as admin accounts using your plugin (so that those users can access wp-admin)?

    • andre writes:
      March 25th, 201417:41at

      The plugin links WordPress accounts to external accounts. Therefore, changing user rights works the same way is it would have without this plugin, using /wp-admin/users.php

  • Ong Kok Choong writes:
    April 8th, 201417:50at

    Facing this error after installation. Can advise?

    Call to undefined function e_() in /home/action/workspace/www/wordpress/wp-content/plugins/blaatschaap-oauth/blaatoauth.php on line 48

    • andre writes:
      April 9th, 201419:37at

      There is a bug in the code that creates the title for the BlaatSchaap plugins overview page. This page has not yet been created since the BlaatSchaap coding projects have not released any other WordPress plugins yet. The page itself is an empty page, and this bug does not influence the plugin’s functionality. You can access the configuration pages in the submenu’s under BlaatSchaap. This bug will be fixed next release.

      Technical details: in blaatoauth.php:

      if (!function_exists(“blaat_plugins_page”)) {
      function blaat_plugins_page(){
      e_(“BlaatSchaap Plugins”,”blaat_auth”);

      e_ should have been _e.

    • andre writes:
      April 12th, 201416:21at

      New version had been released.

  • Eric writes:
    February 5th, 201507:32at

    I am really excited about this for the Etsy API

    I keep getting ERROR: options page not found. from the General Auth page. Any tips?


    • andre writes:
      March 5th, 201519:40at

      I have released a new version that fixes this issue.

  • Alexey writes:
    February 18th, 201518:24at

    Hello Andre!

    I am trying to use your plugin with SSO (oauth 1.0a based).
    However I am a newbie in both WP and SSO. May you help me to add a custom provider?

    • andre writes:
      March 25th, 201510:51at

      VATSIM does not follow the OAuth standard, but uses a OAuth inspired protocol. I’ve developed a custom version for use with VATSIM.

      • Tom writes:
        April 24th, 201508:57at

        Hello Andre

        i like very much your plugin its very easy to use, but i have a question, how can i add only the login with button to other page? the main goal is the user click to login and then they return to that page.


        • andre writes:
          April 24th, 201509:28at

          At this moment I am working on a major rewrite of the plugin. In the new release this will be possible.

  • VP writes:
    February 24th, 201515:40at

    This plugin looks promising for what I need to do. After selecting the page where I want the OAuth login to appear and clicking Save Changes I get WP error “ERROR: options page not found.” and the url is /wp-admin/options.php.

    Also how I can select a custom post type page for the login form?

    • andre writes:
      March 5th, 201519:40at

      I have released a new version that fixes this issue.

  • achax writes:
    March 5th, 201519:38at

    Hi, i’m using your plugin to use a OAuth2 server, and they are asking me the callback URL. I assume it will be one of the generated pages? i’ve named them logging, linking and sign-up.

    • andre writes:
      March 5th, 201519:39at

      For callback url, please use the URL you have configured for logging in.

  • achax writes:
    March 5th, 201519:43at

    u rock!

  • Satheesha writes:
    March 6th, 201506:37at

    I have lot of ambiguity, I created three pages named login,signup,register and selected.
    these are my settings:
    token url :http://IPadress:8080/auth/authorize
    dialog url :http://IPadress:8080/auth/dialog
    token url :http://IPadress:8080/auth/token
    Offline Dialog URL (optional):empty
    Append state to redirect :empty
    URL Parameters:selected
    Authorisation Header:selected
    Display order :1
    Client ID:validclientid
    Client Secret:valid client secret
    Default Scope:openid,profile,email,address,phone,offline_access
    I saved above settings..
    when I go to wordpress login page , it is not showing anything.
    help me

    Thanks in advance

    • andre writes:
      March 6th, 201511:57at

      If you navigate to the page you have selected as login page, you should see a button to log in with your configured service. The plugin does not hook with the /wp-login.php page.

      • Satheesha writes:
        March 9th, 201512:23at

        Hi, Andre,
        thanks for your reply
        Is this plugin compatible with the word press 4.1.1(In my case) .
        I navigated to login page ,its showing the buttons I have configured but when I click on that its saying wrong dialog URL.
        I have no idea how to form dialog URL can you help me with that.

        Thanks in advance

        • andre writes:
          March 9th, 201513:52at

          The plugin should work fine with WordPress 4.1.1

          What service are you trying to configure? If it says something like “wrong dialog url”, does that mean you’re using a custom service?

          • Satheesha writes:
            March 9th, 201515:38at

            Yes I am using custom service,I am using open id connect server (it is java based oauth server). My users are stored in Ldap database, I was able to login to oauth server using ldap credentials,Now I need to integrate WordPress with oauth server
            when i give dialog url as :http://IP:8080/auth/login, it s going to oauth server login page, after entering credentials its logging to oauth server, not redirecting my wordpress

            I am stuck, guide me.

          • andre writes:
            March 9th, 201516:39at

            For OAuth2 based services, certain parameters are sent to the dialog URL, including the redirect URL. (However, some servers configure the redirect URL server side)
            This means, the redirect URL should be something like

            Let me know if that works!

        • Satheesha writes:
          March 10th, 201508:18at

          I configured redirect URI as format given by you and I filled it in dialog URL
          I was able to logging into oauth server, There is no redirction.

          The second Thing I tried, I supllied dialog URL as http://IP:8080/auth/login and given redirect URI as http://IP:8080/wordpress/ on server side even though its not redirecting.

          I have no idea where I am going wrong
          Can i know what is role of dialog URL in your plugin, I think its taking me to oauth server login page I dont understand what happening on later stage

          • andre writes:
            March 10th, 201509:16at

            So, basically, how OAuth works. The “Dialog URL” is part of the OAuth mechanism. This is where the user logs in to the service you’re authenticating against, and is prompted to give your site/app permission. Once the user has given permission to your app, the service sends the user to the redirect URL. The redirect URL should be on your website, this is not part of the service. (e.g. )

  • pty writes:
    March 8th, 201509:14at

    Hi, andre. I want to get help.
    When I click the log-in button which is generated by the plugin, it’s redirected to my_website/bsoauth_id=3 page, and this page just shows my homepage.
    I try the server ‘github’ and ‘microsoft’, There are the same results.
    What’s the problem here?

    • andre writes:
      March 8th, 201513:42at

      Have you configured the pages correctly? ( /wp-admin/admin.php?page=bsauth_pages_plugins )
      There you can set where the login button is supposed to appear,
      This page will also be used in the redirecting process where it will receive the authorisations.
      Also, permalinks must be enabled for this to function properly.

  • Satheesha writes:
    March 10th, 201508:34at

    Do we need to configure anything wordpree permalink settings

    • andre writes:
      March 10th, 201509:19at

      Please enable Permalinks, as it is used to redirect to pages.

      • Satheesha writes:
        March 10th, 201509:58at

        Can you provide me your mail details
        I will send couple of screenshots ,It might be convenient for you to guide me.

        • andre writes:
          March 10th, 201510:33at

          In wordpress dashboard: Settings -> Permalinks
          Any setting but default should be fine. See what you like for the rest of your site.
          See also my mail.

          • Satheesha writes:
            March 10th, 201511:34at

            when i select default permalink login page does not showing buttons, so i selected day and name

  • achax writes:
    March 23rd, 201515:54at

    Hello again. i have your plugin working great with a custom oauth2 server, so thank you. I have a question: is it possible to automaticaly check if the user is logged in without having to press the button? i’m combining two sites (one in rails, which is the oauth2 server) and a marketplace in wordpres (woocommerce).
    thanks in advance

    • andre writes:
      March 23rd, 201516:33at

      At the moment this is not supported. I will investigate the possibilities to implement this, and is feasable include it in the next release.

  • Adam writes:
    March 24th, 201516:22at

    Hello, I have been looking at your plugin for word press but cannot seem to get it working quite right. I’m using wordpress 4.1.1. But I’m getting the following errors:

    Notice: wp_register_style was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or login_enqueue_scripts hooks. Please see Debugging in WordPress for more information. (This message was added in version 3.3.) in /var/sites/wordpress/wp-includes/functions.php on line 3547

    Notice: Use of undefined constant bsoauth_menu - assumed 'bsoauth_menu' in plugins/blaatschaap-oauth/blaatoauth.php on line 42

    As well going on the Oauth configuration tab in settings gives me the following errors:

    Notice: Undefined index: add_service in plugins/blaatschaap-oauth/bs_oauth_config.php on line 729

    Notice: Undefined index: add_custom_service in plugins/blaatschaap-oauth/bs_oauth_config.php on line 730

    Notice: Undefined index: delete_service in plugins/blaatschaap-oauth/bs_oauth_config.php on line 731

    Notice: Undefined index: update_service in plugins/blaatschaap-oauth/bs_oauth_config.php on line 732

    • andre writes:
      March 25th, 201510:52at

      These issues will be fixed in the 0.4.2 release, which will probably be ready next week.

  • Jim writes:
    April 1st, 201517:29at

    Great work, thanks so much!

    Will this work with any kind of plugin to prevent registration spam?

    • andre writes:
      April 1st, 201523:43at

      This plugin allows logging in with OAuth services in addition to local accounts. There is an option to hide local accounts. A user can only sign up when they have an account at your configured OAuth Provider. However, this feature is experimental, it was designed to function with a custom plugin, and might not operate properly with the regular OAuth plugin. Only allowing signups with OAuth will be present in a future release, including support for automatic sign-up.

      At this moment, I suggest some captcha plugin such as Captcha by BestWebsoft.

  • Jim writes:
    April 16th, 201517:11at

    What would be the best way to skip the registration page, if I have WP user registration turned off?

    Can I just put

    if ( get_option( ‘users_can_register’ ) ) {

    around some code?

    • Jim writes:
      April 16th, 201517:35at

      Ok, changing line 443

      case $register_page :


      case $register_page :
      if ( get_option( ‘users_can_register’ ) ) {
      } else {
      header(“Location: “.site_url(“/”.get_option(“link_page”)). ‘?’ . $_SERVER[‘QUERY_STRING’]);

      seems to work.

      Can I suggest making something like this part of your next release?

  • Noah writes:
    July 29th, 201500:24at

    Are there detailed steps as to what pages are necessary to create and/or what settings are required in order for the plug-in to function? I have what I think is a properly configured set up but I do not see the buttons anywhere.

    • andre writes:
      July 29th, 201500:30at

      Hey! I have been rewriting the config pages. I haven’t updated the instructions on the website yet. I’m sorry for that. I have been busy working on other projects lately.
      Anyhow, for the buttons to appear: make sure you’ve selected the right page where the buttons are to appear ( http://yourdomain.tld/wp-admin/admin.php?page=blaatlogin_configure_pages ), and make sure you’ve checked the “enabled” checkbox at the service ( …/admin.php?page=blaatlogin_configure_services ) .

      • Noah writes:
        July 29th, 201502:21at

        Hello, thank you for the quick reply. I have followed those steps but there is no button on the page that I have selected.

  • Brayden writes:
    January 2nd, 201619:11at

    Hey Andre!

    I am currently using your VATSIM plugin, and I have a question. Is it possible to change the return URL so when a user is authenticated via VATSIM, they are returned to a certain page rather than the login page?

    Thanks in advance!

    • andre writes:
      January 3rd, 201618:26at

      Question has been answered over mail

  • Karl writes:
    December 9th, 201606:40at

    Could someone walk me through how to get the VATSIM SSO with this running on my wordpress website? I’m really not very good with this coding. Any help is appreciated. Thank you.

    • andre writes:
      December 15th, 201609:08at

      It’s been ages since I’ve touched the oauth plugin or even the vatsim fork.
      But what you need is an API key and secret, enter it into the wordpress configuration.
      Then create a page for the login screen, and assign it to the login page.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>
»  Substance:WordPress   »  Style:Ahren Ahimsa