wp_validate_application_password( int|false $input_user ): int|false

In this article

Validates the application password credentials passed via Basic Authentication.

Parameters

$input_userint|falserequired
User ID if one has been determined, false otherwise.

Return

int|false The authenticated user ID if successful, false otherwise.

Source

function wp_validate_application_password( $input_user ) {
	// Don't authenticate twice.
	if ( ! empty( $input_user ) ) {
		return $input_user;
	}

	if ( ! wp_is_application_passwords_available() ) {
		return $input_user;
	}

	// Both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] must be set in order to attempt authentication.
	if ( ! isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) {
		return $input_user;
	}

	$authenticated = wp_authenticate_application_password( null, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );

	if ( $authenticated instanceof WP_User ) {
		return $authenticated->ID;
	}

	// If it wasn't a user what got returned, just pass on what we had received originally.
	return $input_user;
}

Changelog

VersionDescription
5.6.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.