Title: Possible bug when verifying an auth code
Last modified: November 2, 2025

---

# Possible bug when verifying an auth code

 *  [bseddon](https://wordpress.org/support/users/bseddon/)
 * (@bseddon)
 * [6 months, 4 weeks ago](https://wordpress.org/support/topic/possible-bug-when-verifying-an-auth-code/)
 * My requirement has been to use the plugin so our existing WP site can be used
   to authenticate an Model Context Protocol server I’m creating. This has been 
   possible using actions and filters to, for example, add support for client registration.
   
   However, one issue it’s not been possible to workaround without modifying the
   plugin code, is in the validation of an authorization code. The issue occurs 
   because if a statement is returned in getAuthorizationCode() (in WordPressdb.
   php) an ‘expires’ member is added to the array using the current timestamp as
   the value.getAuthorizationCode is called from validateRequest() in AuthorizationCode.
   php. However in this function the expires value is tested to see if it is *less
   than* the current timestamp (line 68). Since the value has just been set, it 
   can never be less than that value so the validate request always failsMy fix 
   is to set the expires value in getAuthorizationCode() to the current timestamp
   + 1.

The topic ‘Possible bug when verifying an auth code’ is closed to new replies.

 * ![](https://ps.w.org/oauth2-provider/assets/icon-256x256.gif?rev=2603051)
 * [WP OAuth Server (OAuth Authentication)](https://wordpress.org/plugins/oauth2-provider/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/oauth2-provider/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/oauth2-provider/)
 * [Active Topics](https://wordpress.org/support/plugin/oauth2-provider/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/oauth2-provider/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/oauth2-provider/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [bseddon](https://wordpress.org/support/users/bseddon/)
 * Last activity: [6 months, 4 weeks ago](https://wordpress.org/support/topic/possible-bug-when-verifying-an-auth-code/)
 * Status: not resolved