support other authentication plugins?
Closed this issue · 5 comments
I do not want this package to support basic authentication because WordPress docs themselves say it should only be used for development (and because it's easier I'm afraid some people might use it in production).
Other plugins mentioned in the docs
-
JWT Authentication for WP REST API. It demands editing .htaccess and another file https://www.wpbeginner.com/beginners-guide/how-to-edit-wp-config-php-file-in-wordpress/ so it definitely sounds more intricate for users. "Since this file contains a lot of sensitive information, it is recommended that you don't mess with this file unless you have absolutely no other choice." It sounds quite scary to me.
-
WordPress REST API – OAuth 1.0a Server Probably not a good idea since at the moment I see "This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.".
Note that the README mentions creating a special user for using the package, with editor rights rather than admin rights. It makes the application password less powerful.
I can imagine it might be a problem for some users though: since it's a different author than some other posts, it might not appear on the author page that the user would like.
This issue seems to have become obsolete? The plugin you originally used has folded into WordPress core and (to my amazement I must say) everything worked beautifully out of the box.
Does it mean the docs need to be updated?
I think so, yes. On mobile, so not in position to do so, but since WP 5.6 there are application passwords that can be made and revoked by the user on a per-application basis: https://make.wordpress.org/core/2020/11/05/application-passwords-integration-guide/
This is what I'm using, just following the instructions (i.e. putting in ~Renviron), and it just works — so no plugin needed.
Thanks! Would you be willing to make a PR?