[wp-trac] [WordPress Trac] #23446: Expose 'login_url' and 'admin_url' via XML-RPC
WordPress Trac
noreply at wordpress.org
Tue Feb 12 20:35:19 UTC 2013
#23446: Expose 'login_url' and 'admin_url' via XML-RPC
------------------------------+------------------------------
Reporter: daniloercoli | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch mobile |
------------------------------+------------------------------
Comment (by redsweater):
Since you're going to the trouble of proposing changes in WordPress's API
to support this useful screen-scraping, wouldn't it make more sense to
support a method "wp_authenticate()" or similar that would explictly
return a cookie suitable for session-scoped requests to the site as the
logged-in user?
I can imagine push-back that the API shouldn't empower clients to access
the whole site like this, but the fact is as Danilo notes you can automate
this through screen-scraping, anway. If you are going to go the extra step
of outright advertising the required APIs for accomplishing this, why not
make the whole process more foolproof?
The added benefit of formalizing this is you would then also have a
central point of authentication for this person, that the user could
disable either through plugin or admin-panel options. In that scenario, if
a client app attempts to wp_authenticate() and receives an error, they can
pass it along to the user.
I don't think concessions should be made to supporting full "browser-
style" authentication unless you go all the way and make it foolproof and
more administratable.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23446#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list