[wp-trac] [WordPress Trac] #26706: Allow custom authentication handlers for all requests
WordPress Trac
noreply at wordpress.org
Sun Dec 22 13:59:08 UTC 2013
#26706: Allow custom authentication handlers for all requests
-------------------------+-----------------------------
Reporter: rmccue | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: minor | Keywords:
-------------------------+-----------------------------
While it's possible to write custom authentication handlers with
WordPress, these methods all eventually rely on using cookies to store the
current user.
It should be possible to switch out the other half of this equation. For
example, OAuth handlers should be able to set the current user based on
query parameters, as well as checking their own nonces.
Currently, the main obstacle to this is `get_currentuserinfo()`, which is
hardcoded to use `wp_validate_auth_cookie()`. To work around this, you
have to check on `plugins_loaded` or a similar early hook; before any
other code calls `is_user_logged_in()`, `wp_get_current_user()` or
anything else that uses the underlying function.
I'd like to propose adding a filter to replace the existing
`wp_validate_auth_cookie()` call, and have it return a `WP_User`.
`wp_validate_auth_cookie()` can then be hooked into this by default.
(I don't have a patch for this one yet; just noting it so I don't forget.)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/26706>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list