Using Auth0 and the WordPress REST API

November 10th, 2020

This post is to simply clear up a few confusions I initially had when working with Auth0 and the WordPress REST API. I imagine there may be others out there who would benefit from a little more clarification than has been given on this issue.

Auth0 and the Auth0 WordPress plugin does not offer any support for the WP REST API. This does not mean that Auth0 is blocking the WP REST API. It simply means that you cannot authenticate access to the WP REST API with Auth0 – or that you cannot do this without a fair bit of custom work. I have not seen any significantly helpful information in this area.

You can authenticate access to the WP REST API through a plugin such as JWT Auth, but this is not a desirable solution in many cases, because if you are using Auth0 Universal Sign On, then the user has already entered their login details outside of the site/app and we do not want to ask them to enter their password again in order to authenticate with the REST API.

Of course, this makes Auth0 a less desirable solution for using with WordPress and an app that needs to login to WordPress and query the WP REST API. You might be better off using something like WP OAuth Server instead if you don’t want the hassle of developing something that will work with Auth0 and the WordPress REST API.

If you are still looking to go ahead with it, my client asked a question here which prompted an Auth0 staff member to give the best answer I have seen yet regarding this topic.

I hope this has helped answer some of your questions regarding Auth0 and the WordPress REST API!

Was this post helpful?