This updates route arguments and schema descriptions to use more specific object types for clarity.
Follow-up to [39342].
Props lephleg, jnylen0.
Fixes#40720.
git-svn-id: https://develop.svn.wordpress.org/trunk@51000 602fd350-edb4-49c9-b593-d223f7449a82
Previously, all permission checks for using app passwords were implemented using `edit_user`. This commit introduces a series of more fine grained meta capabilities that should be used instead: `create_app_password`, `list_app_passwords`, `read_app_password`, `edit_app_password`, `delete_app_password` and `delete_app_passwords`. These capabilities all map to `edit_user` by default, but may now be customized by developers.
Props johnbillion, TimothyBlynJacobs.
Fixes#51703.
git-svn-id: https://develop.svn.wordpress.org/trunk@50114 602fd350-edb4-49c9-b593-d223f7449a82
This introduces a new endpoint, `wp/v2/users/me/application-passwords/introspect`, that will return details about the App Password being used to authenticate the current request. This allows for an application to disambiguate between multiple installations of their application which would all share the same `app_id`.
Props xkon, peterwilsoncc, TimothyBlynJacobs.
Fixes#52275.
git-svn-id: https://develop.svn.wordpress.org/trunk@50065 602fd350-edb4-49c9-b593-d223f7449a82
Application names are now required to be unique and cannot contain solely whitespace characters. Additionally, invalid characters are now stripped from the application name using `sanitize_text_field()`.
Props Boniu91, hellofromTonya, engahmeds3ed, xkon, francina.
Fixes#51941.
git-svn-id: https://develop.svn.wordpress.org/trunk@50030 602fd350-edb4-49c9-b593-d223f7449a82
Previously App Passwords used a mix of "enabled" and "available". We've now standardized on using "available".
Additionally, we now use a 501 status code when indicating that App Passwords is not available.
Props SergeyBiryukov, ocean90, TimothyBlynJacobs.
Fixes#51513.
git-svn-id: https://develop.svn.wordpress.org/trunk@49617 602fd350-edb4-49c9-b593-d223f7449a82
Apps may now optionally include an `app_id` parameter when directing the user to the Authorize Application screen. This allows for instances of an application to be identified and potentially revoked or blocked.
Props TimothyBlynJacobs, georgestephanis.
Fixes#51583.
git-svn-id: https://develop.svn.wordpress.org/trunk@49276 602fd350-edb4-49c9-b593-d223f7449a82
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
git-svn-id: https://develop.svn.wordpress.org/trunk@49109 602fd350-edb4-49c9-b593-d223f7449a82
