Authorization Headers #7

Open
dshanske opened this issue Nov 26, 2019 · 2 comments

@dshanske

I have learned through my writing of the IndieAuth Authentication plugin that the largest number of filed issues around the plugin involved hosting providers not supporting the passing of authorization headers. Regardless of how we do tokens, passing them in the header is the preferred method for OAuth2.

This means we need to ensure this works on installations by testing for it (thank you, site health features), etc.

@georgestephanis

For what it's worth, here's a functional UI I'd written some years ago to test whether or not the current site supports Authorization headers, and displays a message to the user if not:

WordPress/application-passwords@16af809

It just generates a dummy username and password, passes them as Authorization Basic base64-encoded to a REST API endpoint, and checks to make sure the endpoint got the username and password and returned them in turn.

It doesn't do anything with actual passwords, just dummy strings.

@dshanske
Author

@georgestephanis I have similar code in my IndieAuth plugin (https://github.com/indieweb/wordpress-indieauth). It creates a login form page and sends in a dummy payload and returns success or failure. This can then be queried by site health.
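
Added example (not part of the thread and not code from either plugin): the dummy-credential round trip both comments describe, with the echo endpoint and the client-side comparison as plain functions. All function names and the two simulated hosts are assumptions made for illustration; a real check would send the header over HTTP to a REST endpoint on the site being tested.

```javascript
// Dummy values only; they are not secrets, so Math.random is sufficient here.
function makeDummyCredentials() {
  const rnd = () => Math.random().toString(36).slice(2);
  return { user: 'probe_' + rnd(), pass: rnd() + rnd() };
}

function basicHeader({ user, pass }) {
  return 'Basic ' + Buffer.from(`${user}:${pass}`, 'utf8').toString('base64');
}

// Endpoint side: report the credentials the application actually received.
function echoCredentials(headers) {
  const none = { user: null, pass: null };
  const raw = headers['authorization'];
  if (typeof raw !== 'string') return none;
  const m = /^Basic\s+([A-Za-z0-9+\/=]+)$/i.exec(raw.trim());
  if (!m) return none;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':'); // split on the first colon; a password may contain ':'
  if (i < 0) return none;
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Client side: compare what came back with what was sent.
function diagnose(sent, echoed) {
  if (echoed.user === null && echoed.pass === null) return 'header-missing';
  if (echoed.user === sent.user && echoed.pass === sent.pass) return 'ok';
  return 'header-altered';
}

// Constructed stand-ins for hosting environments (hypothetical):
// one forwards request headers untouched, one drops Authorization.
const passThrough = (headers) => headers;
const stripping = (headers) => {
  const { authorization, ...rest } = headers;
  return rest;
};

function runProbe(host) {
  const sent = makeDummyCredentials();
  const received = host({ authorization: basicHeader(sent), accept: 'application/json' });
  return diagnose(sent, echoCredentials(received));
}

console.log(runProbe(passThrough), runProbe(stripping));
```

The `header-missing` result is the case a site health check would surface to the site owner, since token-based requests will fail on that host regardless of how the tokens are issued.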
