Changeset 50065 for trunk/src/wp-includes/rest-api.php

Timestamp:

01/29/2021 12:05:20 AM (4 years ago)

Author:

TimothyBlynJacobs

Message:

App Passwords: Introduce introspection endpoint.

This introduces a new endpoint, wp/v2/users/me/application-passwords/introspect, that will return details about the App Password being used to authenticate the current request. This allows for an application to disambiguate between multiple installations of their application which would all share the same app_id.

Props xkon, peterwilsoncc, TimothyBlynJacobs.
Fixes #52275.

File:

• trunk/src/wp-includes/rest-api.php (modified) (1 diff)

trunk/src/wp-includes/rest-api.php

@@ -1049 +1049 @@
  *
  * @since 5.6.0
+ * @since 5.7.0 Added the `$app_password` parameter.
  *
  * @global WP_User|WP_Error|null $wp_rest_application_password_status
+ * @global string|null $wp_rest_application_password_uuid
  *
  * @param WP_Error $user_or_error The authenticated user or error instance.
- */
-function rest_application_password_collect_status( $user_or_error ) {
-    global $wp_rest_application_password_status;
+ * @param array    $app_password  The Application Password used to authenticate.
+ */
+function rest_application_password_collect_status( $user_or_error, $app_password = array() ) {
+    global $wp_rest_application_password_status, $wp_rest_application_password_uuid;
 
     $wp_rest_application_password_status = $user_or_error;
+
+    if ( empty( $app_password['uuid'] ) ) {
+        $wp_rest_application_password_uuid = null;
+    } else {
+        $wp_rest_application_password_uuid = $app_password['uuid'];
+    }
+}
+
+/**
+ * Gets the Application Password used for authenticating the request.
+ *
+ * @since 5.7.0
+ *
+ * @global string|null $wp_rest_application_password_uuid
+ *
+ * @return string|null The App Password UUID, or null if Application Passwords was not used.
+ */
+function rest_get_authenticated_app_password() {
+    global $wp_rest_application_password_uuid;
+
+    return $wp_rest_application_password_uuid;
 }