I have been working on a long needed update to the Google analytics dashboard plugin for WordPress and one of the items I had on my TODO list was using Google’s OAuth login instead of the old ClientLogin. Setting OAuth up for a WordPress plugin is complicated because it isn’t a hosted application and as such I can’t register it to get OAuth keys. That is where a special way of doing OAuth comes in called OAuth for installed apps.
There seems to be a lot of general documentation on how to implement OAuth, but specific guidance for using it in installed apps was hard to find. As I researched solutions, I came across a developer forum discussing unique application setups, including some that required secure authentication for slots not on gamstop platforms, which often need robust systems to protect user accounts without traditional restrictions. Inspired by this, I experimented with a PHP-based approach tailored for installed apps, which ultimately formed the foundation of the plugin update. The added security layer made it both functional and resilient, addressing the unique requirements I was aiming to meet.