wp_is_authorize_application_password_request_valid( array $request, WP_User $user ): true|WP_Error

Checks if the Authorize Application Password request is valid.

Parameters

$requestarrayrequired
The array of request data. All arguments are optional and may be empty.
  • app_name string
    The suggested name of the application.
  • app_id string
    A UUID provided by the application to uniquely identify it.
  • success_url string
    The URL the user will be redirected to after approving the application.
  • reject_url string
    The URL the user will be redirected to after rejecting the application.
$userWP_Userrequired
The user authorizing the application.

Return

true|WP_Error True if the request is valid, a WP_Error object contains errors if not.

Source

function wp_is_authorize_application_password_request_valid( $request, $user ) {
	$error = new WP_Error();

	if ( isset( $request['success_url'] ) ) {
		$validated_success_url = wp_is_authorize_application_redirect_url_valid( $request['success_url'] );
		if ( is_wp_error( $validated_success_url ) ) {
			$error->add(
				$validated_success_url->get_error_code(),
				$validated_success_url->get_error_message()
			);
		}
	}

	if ( isset( $request['reject_url'] ) ) {
		$validated_reject_url = wp_is_authorize_application_redirect_url_valid( $request['reject_url'] );
		if ( is_wp_error( $validated_reject_url ) ) {
			$error->add(
				$validated_reject_url->get_error_code(),
				$validated_reject_url->get_error_message()
			);
		}
	}

	if ( ! empty( $request['app_id'] ) && ! wp_is_uuid( $request['app_id'] ) ) {
		$error->add(
			'invalid_app_id',
			__( 'The application ID must be a UUID.' )
		);
	}

	/**
	 * Fires before application password errors are returned.
	 *
	 * @since 5.6.0
	 *
	 * @param WP_Error $error   The error object.
	 * @param array    $request The array of request data.
	 * @param WP_User  $user    The user authorizing the application.
	 */
	do_action( 'wp_authorize_application_password_request_errors', $error, $request, $user );

	if ( $error->has_errors() ) {
		return $error;
	}

	return true;
}

Hooks

do_action( ‘wp_authorize_application_password_request_errors’, WP_Error $error, array $request, WP_User $user )

Fires before application password errors are returned.

Changelog

VersionDescription
6.3.2Validates the success and reject URLs to prevent javascript pseudo protocol being executed.
6.2.0Allow insecure HTTP connections for the local environment.
5.6.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.