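$oauthError->sendHttpResponse();
}
break;

case 'request_token':
    // Forbid rendering this endpoint's response inside a frame.
    header('X-Frame-Options: DENY');
    // Turn off PHP error reporting for the rest of the request.
    // NOTE(review): this also hides genuine failures on this endpoint; confirm they are logged elsewhere.
    error_reporting(0);
    try {
        $oauth->grantAccessToken();
    } catch (OAuth2ServerException $oauthError) {
        // Hand the OAuth2 error back to the client as an HTTP response.
        $oauthError->sendHttpResponse();
    }
    break;

case 'request_access':
    error_reporting(0);
    try {
        $token = $oauth->getBearerToken();
        $data = $oauth->verifyAccessToken($token);

        // Take the user ID from the verified token data and not from the requesting party.
        $user_id = $data['user_id'];

        global $wpdb;
        // Bind the ID as an integer placeholder instead of concatenating it into the SQL text,
        // so the value cannot alter the statement whatever the token data contains.
        $info = $wpdb->get_row(
            $wpdb->prepare("SELECT * FROM {$wpdb->prefix}users WHERE ID = %d", $user_id)
        );

        // Don't send sensitive info across the wire.
        unset($info->user_pass);
        unset($info->user_activation_key);

        // Add user metadata, again with the ID bound rather than concatenated.
        $infometa = $wpdb->get_results(
            $wpdb->prepare(
                "SELECT meta_key, meta_value FROM {$wpdb->prefix}usermeta WHERE user_id = %d",
                $user_id
            )
        );

        foreach ($infometa as $metarow) {
            // Exclude sensitive data: skip any meta key matching the case-insensitive deny-list pattern.
            // NOTE(review): a deny-list only filters the names it knows about; consider an allow-list
            // of meta keys that are meant to be exposed.
            if (1 === preg_match("/pmpro_|token|wp_|theme_my_login_security|credit|card|password/i", $metarow->meta_key)) {
                continue;
            }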