wp_is_application_passwords_available(): bool

Checks if Application Passwords is globally available.

Description

By default, Application Passwords is available to all sites using SSL or to local environments.
Use the ‘wp_is_application_passwords_available’ filter to adjust its availability.

Return

bool

Source

function wp_is_application_passwords_available() {
	/**
	 * Filters whether Application Passwords is available.
	 *
	 * @since 5.6.0
	 *
	 * @param bool $available True if available, false otherwise.
	 */
	return apply_filters( 'wp_is_application_passwords_available', wp_is_application_passwords_supported() );
}

Hooks

apply_filters( ‘wp_is_application_passwords_available’, bool $available )

Filters whether Application Passwords is available.

Changelog

VersionDescription
5.6.0Introduced.

User Contributed Notes

  1. Skip to note 2 content

    Make a custom permission callback to a custom endpoint.

    /**
     * A callback for checking the permission for the REST API.
     *
     * @param WP_REST_Request $request API request
     * @return true|WP_Error
     */
    function wpdocs_rest_permission_callback( $request ) {
    	if ( wp_is_application_passwords_available() ) {
    		$auth_header = $request->get_header( 'Authorization' );
    
    		if ( empty( $auth_header ) ) {
    			return new WP_Error( 'rest_forbidden', __( 'Authentication required. Application Password not found' ), array( 'status' => 401 ) );
    		}
    
    		$user_id = get_current_user_id(); // or get the user ID from the request data
    		$result  = wp_validate_application_password( $user_id );
    
    		if ( ! $result ) {
    			return new WP_Error( 'rest_forbidden', __( 'Authentication failed.' ), array( 'status' => 403 ) );
    		}
    	} elseif ( ! current_user_can( 'manage_options' ) ) {
    		return new WP_Error( 'rest_forbidden', __( 'Permission denied.' ), array( 'status' => 403 ) );
    	}
    
    	return true;
    }

You must log in before being able to contribute a note or feedback.