Extract creation and storage of the access token into its own method.#185
Open
stephenharris wants to merge 1 commit intoWP-API:masterfrom
stephenharris:create-access-token-function
Open
Extract creation and storage of the access token into its own method.#185stephenharris wants to merge 1 commit intoWP-API:masterfrom stephenharris:create-access-token-function
stephenharris wants to merge 1 commit intoWP-API:masterfrom
stephenharris:create-access-token-function
Conversation
Contributor
|
Useful. But this seems like something more suited to a plugin, if at all possible. |
Author
|
Its is. The PR was to abstract some code regarding token storage from the business logic of the REST API key-exchange endpoints to make it useful for said plugin. |
rmccue
requested changes
Nov 28, 2016
Member
rmccue
left a comment
rmccue
left a comment
There was a problem hiding this comment.
Single-use sounds great; I've wanted to do something similar, but never had the time. Got a link to your plugin?
PR looks good, but indentation is off in a couple of spots here.
| * handles the actual creation and storage of the access token. | ||
| * | ||
| * @param WP_Post $consumer | ||
| * @param int $user_id |
Member
There was a problem hiding this comment.
Indentation is off in a couple of places here.
Author
|
Will update my PR later. I've added the plug-in as gist here: https://gist.github.com/stephenharris/8584b6d6e0c0e996c125a34b01a962a7 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR moves the part of the code responsible for instantiating a new access key and storing to a public static function.
This allows third-parties to create access tokens without duplicating the code, and acts as a counterpart to
WP_REST_OAuth1::revoke_access_token().Why? I've developed an add-on for the OAuth1 plug-in which allows you to create a single access token. A single access token is a 'manually' created access token tied to a user account. It's primary purpose is single-user applications, where effectively the end-user and consumer are the one and the same. In such instances, implementing the entire OAuth token acquisition dance unnecessarily complicates matters. It serves the same purpose as 'application passwords', but provides the security that application passwords lack (at least over non-HTTPS connections).
Introducing the
WP_REST_OAuth1::create_access_token()function gives that add-on something to use rather than duplicating code.