Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 2 months ago

#51602 closed enhancement (fixed)

Application Passwords: Include siteurl in return data from auth flow.

Reported by: georgestephanis's profile georgestephanis Owned by: timothyblynjacobs's profile TimothyBlynJacobs
Milestone: 5.6 Priority: normal
Severity: normal Version: 5.6
Component: Login and Registration Keywords: has-patch
Focuses: rest-api Cc:


Rather than rely on applications to store and connect the site's url with the session the user returns to (which can be fragile with multiple concurrent blogs being connected at once) let's just pass back the url of the site that the credentials are generated for.

Change History (7)

This ticket was mentioned in PR #650 on WordPress/wordpress-develop by georgestephanis.

3 years ago

  • Keywords has-patch added
  • Add a comment clarifying that the php code block is a fallback for no-js
  • Fix username to user_login -- we've been doing the latter in practice, but some code still returned the former.
  • Most relevantly, add a site_url parameter to the return data so clients have confirmation of what url they can use the returned credentials with.

Trac ticket:

georgestephanis commented on PR #650:

3 years ago

I hesitate to do that as part of the goal is to be agnostic. Given the site url, the client can always determine the rest url, but the client may also want the credentials to use for xmlrpc or other systems like WPGraphQL

#3 @TimothyBlynJacobs
3 years ago

  • Owner set to TimothyBlynJacobs
  • Resolution set to fixed
  • Status changed from new to closed

In 49291:

App Passwords: Include site_url in the success redirect payload.

Props georgestephanis.
Fixes #51602.

TimothyBJacobs commented on PR #650:

3 years ago

Good point, that makes sense.

Merged in 1e85024fb4be72eb6a1244d0c7c09590ed7172a2.

#5 @desrosj
3 years ago

  • Milestone changed from Awaiting Review to 5.6
Note: See TracTickets for help on using tickets.