[wp-trac] [WordPress Trac] #42790: Permit basic authentication to the REST API over SSL
WordPress Trac
noreply at wordpress.org
Sun Dec 3 22:31:32 UTC 2017
#42790: Permit basic authentication to the REST API over SSL
--------------------------+------------------------------
 Reporter:  kadamwhite    |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  REST API      |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------
Comment (by kadamwhite):
Fast to the punch, @georgestephanis! As you note, another implementation
would be the `json_basic_auth_handler` method from
https://github.com/WP-API/Basic-Auth -- the technical approach is similar,
just with additional filters and error handling. (While that plugin has
never made it into the plugin directory, it has been used in production in
a number of sites over the past few years, in some cases by having that
method in-lined into the application code.)

I'm interested in the loop-back to determine whether auth headers are
forwarded; how prevalent is that issue across hosts?

Further discussion with @nacin and others at the WCUS contributor day has
pointed out that GitHub's solution permits the use of authentication
tokens, which would be preferable to the direct use of user passwords as
they can be individually registered and revoked. We'd want to do some
design work to find a token generation & registration flow that works for
mobile app users if we go that route.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42790#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform