Make WordPress Core


Ignore:
Timestamp:
01/29/2021 12:05:20 AM (4 years ago)
Author:
TimothyBlynJacobs
Message:

App Passwords: Introduce introspection endpoint.

This introduces a new endpoint, wp/v2/users/me/application-passwords/introspect, that will return details about the App Password being used to authenticate the current request. This allows for an application to disambiguate between multiple installations of their application which would all share the same app_id.

Props xkon, peterwilsoncc, TimothyBlynJacobs.
Fixes #52275.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r50060 r50065  
    10491049 *
    10501050 * @since 5.6.0
     1051 * @since 5.7.0 Added the `$app_password` parameter.
    10511052 *
    10521053 * @global WP_User|WP_Error|null $wp_rest_application_password_status
     1054 * @global string|null $wp_rest_application_password_uuid
    10531055 *
    10541056 * @param WP_Error $user_or_error The authenticated user or error instance.
    1055  */
    1056 function rest_application_password_collect_status( $user_or_error ) {
    1057     global $wp_rest_application_password_status;
     1057 * @param array    $app_password  The Application Password used to authenticate.
     1058 */
     1059function rest_application_password_collect_status( $user_or_error, $app_password = array() ) {
     1060    global $wp_rest_application_password_status, $wp_rest_application_password_uuid;
    10581061
    10591062    $wp_rest_application_password_status = $user_or_error;
     1063
     1064    if ( empty( $app_password['uuid'] ) ) {
     1065        $wp_rest_application_password_uuid = null;
     1066    } else {
     1067        $wp_rest_application_password_uuid = $app_password['uuid'];
     1068    }
     1069}
     1070
     1071/**
     1072 * Gets the Application Password used for authenticating the request.
     1073 *
     1074 * @since 5.7.0
     1075 *
     1076 * @global string|null $wp_rest_application_password_uuid
     1077 *
     1078 * @return string|null The App Password UUID, or null if Application Passwords was not used.
     1079 */
     1080function rest_get_authenticated_app_password() {
     1081    global $wp_rest_application_password_uuid;
     1082
     1083    return $wp_rest_application_password_uuid;
    10601084}
    10611085
Note: See TracChangeset for help on using the changeset viewer.