[wp-hackers] Wordpress User Authentication

Simon Willison swillison at gmail.com
Fri Jun 18 22:45:55 UTC 2004


On Fri, 18 Jun 2004 16:04:27 -0500, Alex <nessence at gmail.com> wrote:
> I think we hit on two things
> 
> a) Being able to authenticate using a non-WP-specific interface (eg,
> LDAP, another site, etc)
> 
> b) Being able to use WP as a secure mechanism of authentication for an
> external system. For example, a script which is to large to be a WP
> plugin, but may want to use WP as a means of authentication and which
> is WP-centric.
> 
> derivative of b):
> c) Foreign API access (with the ability to do more than just check
> authentication, and is secure)

I'd just like to note that for me, pluggable authentication would be
an absolutely killer feature. I've lost count of the number of times
I've been burnt by the need to run multiple authentication schemes
just because I'm running different scripts that each have their own
way of manaing the user list. If WP could share it's auth system AND
had the additional option of tying in to someone elses through a
simple API proxy I would be a very happy camper. It could also lead to
much more interesting WordPress add-ons, which essentially act as
whole new applications which tie in to WordPress's authentication.

Here's something: if WordPress had a good API for authentication,
people could write "bridge" hacks/modifications for other open source
apps to get them to authenticate against WordPress. For example, I'm a
big fan of Tavi Wiki ( http://tavi.sourceforge.net/ ). For some wikis,
authentication can be very useful (e.g a private wiki for tracking
notes). It would be very cool if someone wrote a Tavi plugin/hack that
added authentication against WordPress. Of course, it's possible to do
this right now by running queries directly against the WordPress user
database table but it would be far neater using API functions.

I'm sure these functions already exist, but expressly documenting them
as "stable" for other apps to authenticate against would be a huge
boost.



More information about the hackers mailing list