Title: wp_is_authorize_application_password_request_valid
Published: December 9, 2020
Last modified: May 20, 2026

---

# wp_is_authorize_application_password_request_valid( array $request, WP_User $user ): true|󠀁[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)󠁿

## In this article

 * [Parameters](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#parameters)
 * [Return](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#return)
 * [Source](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#source)
 * [Hooks](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#hooks)
 * [Related](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#related)
 * [Changelog](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#changelog)

[ Back to top](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#wp--skip-link--target)

Checks if the Authorize Application Password request is valid.

## 󠀁[Parameters](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#parameters)󠁿

 `$request`arrayrequired

The array of request data. All arguments are optional and may be empty.

 * `app_name` string
 * The suggested name of the application.
 * `app_id` string
 * A UUID provided by the application to uniquely identify it.
 * `success_url` string
 * The URL the user will be redirected to after approving the application.
 * `reject_url` string
 * The URL the user will be redirected to after rejecting the application.

`$user`[WP_User](https://developer.wordpress.org/reference/classes/wp_user/)required

The user authorizing the application.

## 󠀁[Return](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#return)󠁿

 true|[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) True
if the request is valid, a [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)
object contains errors if not.

## 󠀁[Source](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#source)󠁿

    ```php
    function wp_is_authorize_application_password_request_valid( $request, $user ) {
    	$error = new WP_Error();

    	if ( isset( $request['success_url'] ) ) {
    		$validated_success_url = wp_is_authorize_application_redirect_url_valid( $request['success_url'] );
    		if ( is_wp_error( $validated_success_url ) ) {
    			$error->add(
    				$validated_success_url->get_error_code(),
    				$validated_success_url->get_error_message()
    			);
    		}
    	}

    	if ( isset( $request['reject_url'] ) ) {
    		$validated_reject_url = wp_is_authorize_application_redirect_url_valid( $request['reject_url'] );
    		if ( is_wp_error( $validated_reject_url ) ) {
    			$error->add(
    				$validated_reject_url->get_error_code(),
    				$validated_reject_url->get_error_message()
    			);
    		}
    	}

    	if ( ! empty( $request['app_id'] ) && ! wp_is_uuid( $request['app_id'] ) ) {
    		$error->add(
    			'invalid_app_id',
    			__( 'The application ID must be a UUID.' )
    		);
    	}

    	/**
    	 * Fires before application password errors are returned.
    	 *
    	 * @since 5.6.0
    	 *
    	 * @param WP_Error $error   The error object.
    	 * @param array    $request The array of request data.
    	 * @param WP_User  $user    The user authorizing the application.
    	 */
    	do_action( 'wp_authorize_application_password_request_errors', $error, $request, $user );

    	if ( $error->has_errors() ) {
    		return $error;
    	}

    	return true;
    }
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-admin/includes/user.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/7.0/src/wp-admin/includes/user.php#L654)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/7.0/src/wp-admin/includes/user.php#L654-L700)

## 󠀁[Hooks](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#hooks)󠁿

 [do_action( ‘wp_authorize_application_password_request_errors’, WP_Error $error, array $request, WP_User $user )](https://developer.wordpress.org/reference/hooks/wp_authorize_application_password_request_errors/)

Fires before application password errors are returned.

## 󠀁[Related](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#related)󠁿

| Uses | Description | 
| [wp_is_authorize_application_redirect_url_valid()](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_redirect_url_valid/)`wp-admin/includes/user.php` |

Validates the redirect URL protocol scheme.

  | 
| [wp_is_uuid()](https://developer.wordpress.org/reference/functions/wp_is_uuid/)`wp-includes/functions.php` |

Validates that a UUID is valid.

  | 
| [__()](https://developer.wordpress.org/reference/functions/__/)`wp-includes/l10n.php` |

Retrieves the translation of $text.

  | 
| [do_action()](https://developer.wordpress.org/reference/functions/do_action/)`wp-includes/plugin.php` |

Calls the callback functions that have been added to an action hook.

  | 
| [is_wp_error()](https://developer.wordpress.org/reference/functions/is_wp_error/)`wp-includes/load.php` |

Checks whether the given variable is a WordPress Error.

  | 
| [WP_Error::__construct()](https://developer.wordpress.org/reference/classes/wp_error/__construct/)`wp-includes/class-wp-error.php` |

Initializes the error.

  |

[Show 4 more](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#)
[Show less](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#)

## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/wp_is_authorize_application_password_request_valid/?output_format=md#changelog)󠁿

| Version | Description | 
| [6.3.2](https://developer.wordpress.org/reference/since/6.3.2/) | Validates the success and reject URLs to prevent `javascript` pseudo protocol from being executed. | 
| [6.2.0](https://developer.wordpress.org/reference/since/6.2.0/) | Allow insecure HTTP connections for the local environment. | 
| [5.6.0](https://developer.wordpress.org/reference/since/5.6.0/) | Introduced. |

## User Contributed Notes

You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_is_authorize_application_password_request_valid%2F)
before being able to contribute a note or feedback.