[wp-trac] [WordPress Trac] #42790: Permit basic authentication to the REST API over SSL
WordPress Trac
noreply at wordpress.org
Fri Nov 15 07:43:16 UTC 2019
#42790: Permit basic authentication to the REST API over SSL
-----------------------------+------------------------------
 Reporter:  kadamwhite       |       Owner:  (none)
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  REST API         |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------
Changes (by Otto42):
* keywords: close =>
Comment:
@kadamwhite Disagree. For sites using SSL, we should add Basic
Authentication to the login flow. Not just to the REST API, but to all
flows, using the general authentication mechanisms. Essentially, add basic
auth to the `authenticate` filter for the case when SSL is enabled.

OAuth2 is a bad mechanism for this, designed for an entirely different
purpose. It's for having Facebook talk to Google and the like. Where the
user has accounts on two different services and wants them to share
information. WordPress is a service in this equation, but more to the
point it is a piece of software, actually self-run by the user. It doesn't
fit OAuth's original design. Never has. The user wants to authenticate to
their own site using their own credentials, and Basic Auth fits that just
fine. Yeah, okay, it's not great when you're sending passwords in the
clear, but for the case where SSL is enabled, it is a far better user
experience and secure enough for a first pass.

+1 to Basic Auth support.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42790#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
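
The approach proposed in the comment above, sketched as an added example (not part of the ticket and not WordPress core code): a callback on the `authenticate` filter that accepts HTTP Basic credentials only when the request arrived over TLS. The function name `example_basic_auth_over_ssl` and the error code `basic_auth_requires_ssl` are hypothetical; the filter runs only on code paths that call `wp_authenticate()`.

```php
<?php
/**
 * Added example: HTTP Basic credentials in the `authenticate` chain, TLS only.
 * Hypothetical plugin code, not taken from the ticket or from core.
 */
function example_basic_auth_over_ssl( $user, $username, $password ) {
	// An earlier callback already resolved a user: leave it alone.
	if ( $user instanceof WP_User ) {
		return $user;
	}

	// Credentials submitted through the normal flow (login form) take
	// precedence; core's own callback will check them.
	if ( '' !== (string) $username || '' !== (string) $password ) {
		return $user;
	}

	// No Basic credentials on this request: nothing to do.
	if ( ! isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) {
		return $user;
	}

	// Refuse on plain HTTP so a password sent in the clear is never honoured.
	// is_ssl() reads $_SERVER['HTTPS'] and the server port, so behind a
	// TLS-terminating proxy it is false unless those values are set.
	if ( ! is_ssl() ) {
		return new WP_Error(
			'basic_auth_requires_ssl',
			'Basic authentication is only accepted over HTTPS.'
		);
	}

	// Reuse core's username/password check so password hashing and its
	// error handling stay in one place. Returns WP_User or WP_Error.
	return wp_authenticate_username_password(
		null,
		(string) $_SERVER['PHP_AUTH_USER'],
		(string) $_SERVER['PHP_AUTH_PW']
	);
}
// Priority 10 runs before core's username/password callback at priority 20.
add_filter( 'authenticate', 'example_basic_auth_over_ssl', 10, 3 );
```

On CGI/FastCGI setups the web server may not pass the `Authorization` header to PHP, in which case `PHP_AUTH_USER` is never set and the callback does nothing.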