[wp-trac] [WordPress Trac] #57811: Should application password be usable for logins
WordPress Trac
noreply at wordpress.org
Sun Feb 26 13:59:44 UTC 2023
#57811: Should application password be usable for logins
------------------------------------+-----------------------------
 Reporter:  Clorith                 |      Owner:  (none)
     Type:  enhancement             |     Status:  new
 Priority:  normal                  |  Milestone:  Awaiting Review
Component:  Login and Registration  |    Version:  5.6
 Severity:  normal                  |   Keywords:
  Focuses:                          |
------------------------------------+-----------------------------
WordPress has, since version 5.6, bundled the ability to generate
Application Passwords.

These have been usable as HTTP Basic Auth tokens for REST API requests,
but that is the extent of their use within core.

In traditional use-cases, an Application Password is a specific token,
used by one or more applications, to sign in and bypass the need for
other account security, such as, for example, two-factor authentication.

I'm not sure how SVN interacts with user accounts, but in ''theory'' would
this allow for application passwords for things such as commits to
plugins/themes/core?

It would also allow older integrations, like the ones still relying on
XMLRPC, to continue working without additional plugins out of the box.

I'd like to open the discussion of whether WordPress should perhaps also
allow their use for this case. It is of course possible for a plugin to
implement this already, but given how differently WordPress is currently
treating Application Passwords from what other services do, it seems like
a valuable discussion to cover :)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/57811>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform