WordPress/application-passwords

Authentication requests for user resets their password

thefrosty opened this issue · 1 comments

After some tests, and a lot of complaints from users I confirmed this to be a real issue.

When making a REST request (like from POSTMAN) with the application password, it instantly changes the users hashed password forcing them to be logged out (from the web /wp-admin) and needing a reset password.

Okay, I've tracked down the issue. It only happens when using the roots/wp-password-bcrypt package.

I opened an issue there: roots/wp-password-bcrypt#22