API Authentication discussion!

Welcome!

The WordPress coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. development team builds WordPress! Follow this site for general updates, status reports, and the occasional code debate. There’s lots of ways to contribute:

Found a bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority.? Create a ticket in the bug tracker.
Want to contribute? Get started quickly with tickets marked as good first bugs for new contributors or join a bug scrub. There’s more on the reports page, like patches needing testing, and on feature projects page.
Other questions? Here is a detailed handbook for contributors, complete with tutorials.

I was chatting with @rmccue and we though it’d be a good decision to have an open discussion regarding potential avenues for APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. Authentication on Thursday, February 18th at 22:00 UTC in the #core-passwords channel in SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..

We’ll be addressing everything from OAuth 1.0a, OAuth 2.0, Application Passwords, and what limitations should be used to scope assorted tokens.

Relevant background reading: http://georgestephanis.wordpress.com/2016/02/14/on-core-rest-api-authentication/

#api, #application-passwords, #authentication, #rest-api

simonrcodrington 8:04 pm on February 16, 2016

Interesting article, thanks for sharing your thoughts.

When it comes to the APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. and how it should work going forward, I’m happy with both of these scenarios:

1 – Once you’re athenticated you can hit all endpoints and perform all adminadmin (and super admin) actions (the onus can be on the user to a accept the risk)
2 – The user authorises connections only to set API endpoints that could be organised by potentially their risk / importance

Either way, I’m happy progress with the API is making it into coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.

Comments are closed.

Welcome!

Communication

Share this: