WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

WP_Application_Passwords::create_new_application_password()

WP_Application_Passwords::create_new_application_password( int $user_id, array $args = array() ): array|WP_Error

In this article

Back to top

Creates a new application password.

Parameters

$user_idintrequired
User ID.
$argsarrayoptional
Arguments used to create the application password.
  • name string
    The name of the application password.
  • app_id string
    A UUID provided by the application to uniquely identify it.

Default:array()

Return

array|WP_Error Application password details, or a WP_Error instance if an error occurs.
  • 0 string
    The generated application password in plain text.
  • 1 array
    The details about the created password.
    • uuid string
      The unique identifier for the application password.
    • app_id string
      A UUID provided by the application to uniquely identify it.
    • name string
      The name of the application password.
    • password string
      A one-way hash of the password.
    • created int
      Unix timestamp of when the password was created.
    • last_used null
      Null.
    • last_ip null
      Null.

Source

public static function create_new_application_password( $user_id, $args = array() ) {
	if ( ! empty( $args['name'] ) ) {
		$args['name'] = sanitize_text_field( $args['name'] );
	}

	if ( empty( $args['name'] ) ) {
		return new WP_Error( 'application_password_empty_name', __( 'An application name is required to create an application password.' ), array( 'status' => 400 ) );
	}

	$new_password    = wp_generate_password( static::PW_LENGTH, false );
	$hashed_password = self::hash_password( $new_password );

	$new_item = array(
		'uuid'      => wp_generate_uuid4(),
		'app_id'    => empty( $args['app_id'] ) ? '' : $args['app_id'],
		'name'      => $args['name'],
		'password'  => $hashed_password,
		'created'   => time(),
		'last_used' => null,
		'last_ip'   => null,
	);

	$passwords   = static::get_user_application_passwords( $user_id );
	$passwords[] = $new_item;
	$saved       = static::set_user_application_passwords( $user_id, $passwords );

	if ( ! $saved ) {
		return new WP_Error( 'db_error', __( 'Could not save application password.' ) );
	}

	$network_id = get_main_network_id();
	if ( ! get_network_option( $network_id, self::OPTION_KEY_IN_USE ) ) {
		update_network_option( $network_id, self::OPTION_KEY_IN_USE, true );
	}

	/**
	 * Fires when an application password is created.
	 *
	 * @since 5.6.0
	 * @since 6.8.0 The hashed password value now uses wp_fast_hash() instead of phpass.
	 *
	 * @param int    $user_id      The user ID.
	 * @param array  $new_item     {
	 *     The details about the created password.
	 *
	 *     @type string $uuid      The unique identifier for the application password.
	 *     @type string $app_id    A UUID provided by the application to uniquely identify it.
	 *     @type string $name      The name of the application password.
	 *     @type string $password  A one-way hash of the password.
	 *     @type int    $created   Unix timestamp of when the password was created.
	 *     @type null   $last_used Null.
	 *     @type null   $last_ip   Null.
	 * }
	 * @param string $new_password The generated application password in plain text.
	 * @param array  $args         {
	 *     Arguments used to create the application password.
	 *
	 *     @type string $name   The name of the application password.
	 *     @type string $app_id A UUID provided by the application to uniquely identify it.
	 * }
	 */
	do_action( 'wp_create_application_password', $user_id, $new_item, $new_password, $args );

	return array( $new_password, $new_item );
}

View all references View on Trac View on GitHub

Hooks

do_action( ‘wp_create_application_password’, int $user_id, array $new_item, string $new_password, array $args )

Fires when an application password is created.

UsesDescription
WP_Application_Passwords::hash_password()wp-includes/class-wp-application-passwords.php

Hashes a plaintext application password.

wp_generate_uuid4()wp-includes/functions.php

Generates a random UUID (version 4).

update_network_option()wp-includes/option.php

Updates the value of a network option that was already added.

get_network_option()wp-includes/option.php

Retrieves a network’s option value based on the option name.

get_main_network_id()wp-includes/functions.php

Gets the main network ID.

wp_generate_password()wp-includes/pluggable.php

Generates a random password drawn from the defined set of characters.

sanitize_text_field()wp-includes/formatting.php

Sanitizes a string from user input or from the database.

do_action()wp-includes/plugin.php

Calls the callback functions that have been added to an action hook.

WP_Error::__construct()wp-includes/class-wp-error.php

Initializes the error.

Show 4 moreShow less
Used byDescription
WP_REST_Application_Passwords_Controller::create_item()wp-includes/rest-api/endpoints/class-wp-rest-application-passwords-controller.php

Creates an application password.

Changelog

VersionDescription
6.8.0The hashed password value now uses wp_fast_hash() instead of phpass.
5.7.0Returns WP_Error if application name already exists.
5.6.0Introduced.

User Contributed Notes

  1. Skip to note 2 content
    Danish Ali Malik
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note

    Basic Usage
    Generate the application password for the logged-in users if not already exists.

    $user_id = get_current_user_id();
$app_exists = WP_Application_Passwords::application_name_exists_for_user( $user_id, 'your-app-name' );

if ( ! $app_exists ) {
	$app_pass = WP_Application_Passwords::create_new_application_password( $user_id, array( 'name' => 'your-app-name' ) );
}

You must log in before being able to contribute a note or feedback.