Application Passwords :: authenticate users without hassle

Einfach Dinge, die nichts mit XAMPP, Apache Friends, Apache, MySQL, PHP und alle dem zu tun haben. Allerlei halt. ;)

Application Passwords :: authenticate users without hassle

Postby unleash_it » 26. April 2021 13:50

Application Passwords
By George Stephanis :: https://github.com/georgestephanis
https://wordpress.org/plugins/application-passwords/
meta: Version:0.1.2 Last updated:8 months ago Active installations:20,000+ WordPress Version:4.4 or higher Tested up to:5.5.4 Tags:application-passwordsauthenticationrest-apisecurityxml-rpc

Use Application Passwords to authenticate users without providing their passwords directly. Instead, a unique password is generated for each application without revealing the user’s main password. Application passwords can be revoked for each application individually.

Important: Application Passwords can be used only for authenticating API requests such as REST API and XML-RPC, and they won’t work for regular site logins.

CONTRIBUTE
Translate the plugin into your language.
Report issues, suggest features and contribute code on GitHub.
CREATING APPLICATION PASSWORD MANUALLY
Go the User Profile page of the user that you want to generate a new application password for. To do so, click Users on the left side of the WordPress admin, then click on the user that you want to manage.
Scroll down until you see the Application Passwords section. This is typically at the bottom of the page.
Within the input field, type in a name for your new application password, then click Add New.
Note: The application password name is only used to describe your password for easy management later. It will not affect your password in any way. Be descriptive, as it will lead to easier management if you ever need to change it later.
Once the Add New button is clicked, your new application password will appear. Be sure to keep this somewhere safe, as it will not be displayed to you again. If you lose this password, it cannot be obtained again.
TWO FACTOR SUPPORT
Application Passwords can be used together with the Two Factor plugin as long as you bypass the API acccess restrictions added by the Two Factor plugin. Those protections disable API requests with password authentication for users with Two Factor enabled.

Use the two_factor_user_api_login_enable filter to allow API requests authenticated using an application passwords:

add_filter( 'two_factor_user_api_login_enable', function( $enable ) {
// Allow API login when using an application password even with 2fa enabled.
if ( did_action( 'application_password_did_authenticate' ) ) {
return true;
}

return $enable;
} );
This is not required if the user associated with the application password doesn’t have any of the Two Factor methods enabled.


see more
By George Stephanis :: https://github.com/georgestephanis
https://wordpress.org/plugins/application-passwords/
Interessen: Bikes & steel frames: Linux & SBC https://www.allaboutcircuits.com :: die neuen Knowledge-Base: AFFiNE: There can be more than Notion and Miro. auf affine.pro :: WordPress Entwicklung - sic: make.wordpress.org/core/
User avatar
unleash_it
 
Posts: 754
Joined: 10. December 2011 18:32
Operating System: linux opensuse 12.1

Return to Allerlei

Who is online

Users browsing this forum: No registered users and 2 guests