WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

wp_is_application_passwords_available()

wp_is_application_passwords_available(): bool

In this article

Back to top

Checks if Application Passwords is globally available.

Description

By default, Application Passwords is available to all sites using SSL or to local environments.
Use the ‘wp_is_application_passwords_available’ filter to adjust its availability.

Return

bool

Source

function wp_is_application_passwords_available() {
	/**
	 * Filters whether Application Passwords is available.
	 *
	 * @since 5.6.0
	 *
	 * @param bool $available True if available, false otherwise.
	 */
	return apply_filters( 'wp_is_application_passwords_available', wp_is_application_passwords_supported() );
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘wp_is_application_passwords_available’, bool $available )

Filters whether Application Passwords is available.

UsesDescription
wp_is_application_passwords_supported()wp-includes/user.php

Checks if Application Passwords is supported.

apply_filters()wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

Used byDescription
WP_REST_Application_Passwords_Controller::get_user()wp-includes/rest-api/endpoints/class-wp-rest-application-passwords-controller.php

Gets the requested user.

wp_is_application_passwords_available_for_user()wp-includes/user.php

Checks if Application Passwords is available for a specific user.

wp_authenticate_application_password()wp-includes/user.php

Authenticates the user using an application password.

wp_validate_application_password()wp-includes/user.php

Validates the application password credentials passed via Basic Authentication.

rest_add_application_passwords_to_index()wp-includes/rest-api.php

Adds Application Passwords info to the REST API index.

Changelog

VersionDescription
5.6.0Introduced.

User Contributed Notes

  1. Skip to note 2 content
    Jose Lazo
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note

    Make a custom permission callback to a custom endpoint.

    /**
 * A callback for checking the permission for the REST API.
 *
 * @param WP_REST_Request $request API request
 * @return true|WP_Error
 */
function wpdocs_rest_permission_callback( $request ) {
	if ( wp_is_application_passwords_available() ) {
		$auth_header = $request->get_header( 'Authorization' );

		if ( empty( $auth_header ) ) {
			return new WP_Error( 'rest_forbidden', __( 'Authentication required. Application Password not found' ), array( 'status' => 401 ) );
		}

		$user_id = get_current_user_id(); // or get the user ID from the request data
		$result  = wp_validate_application_password( $user_id );

		if ( ! $result ) {
			return new WP_Error( 'rest_forbidden', __( 'Authentication failed.' ), array( 'status' => 403 ) );
		}
	} elseif ( ! current_user_can( 'manage_options' ) ) {
		return new WP_Error( 'rest_forbidden', __( 'Permission denied.' ), array( 'status' => 403 ) );
	}

	return true;
}

You must log in before being able to contribute a note or feedback.