id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
21907	Allow custom errors on login when using XML-RPC	koke	westi	"Currently, the code for login in XML-RPC does this:

{{{
$user = wp_authenticate($username, $password);

if (is_wp_error($user)) {
        $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
        return false;
}
}}}

So any custom error returned by wp_authenticate is thrown away and replaced by a generic error

Our use case: we recently added Two Step authentication to WordPress.com. The XML-RPC api needs to use an application specific password, since there's no support for entering the auth code. When a user logs in with the right username/password we need to return a specific error message asking the user to login with an application specific password.

Other custom login systems may require specific error messages too"	enhancement	closed	normal	3.5	XML-RPC	3.5	normal	fixed	mobile westi-likes has-patch dev-feedback	erick@… batmoo@… sirzooro