A big push back against the WordPress REST API has been a feeling that a lack of authentication system makes these endpoints not useful. This is strange to me, since the content endpoints use the exact same permissions system as the rest of WordPress. @Josh412 My understanding is that cookie-based isn’t the right method for a lot of uses, but any non-cookie-auth right now = dependency.
— Helen 侯-Sandí (@helenhousandi) October 14, 2016
I think a lot of this confusion comes from the excitement about building cool apps that connect from outside of WordPress via the REST API. In those cases, WordPress’ cookie-based authentication does not work. Therefore a different solution is needed. oAuth1, oAuth2, JWT, a custom system, etc.
I like JWT a lot by the way in those scenarios. This plugin makes it very easy.
But what about when we are using the REST API to improve WordPress from inside of a WordPress theme or plugin? Or what if — presuming the content endpoints make it into WordPress 4.7?
In those cases, cookie-based authentication, which is super easy to use, is all we need. This is especially exciting for core. I’d love to see the REST API used for content
Source: https://managewp.org/articles/13626/wordpress-authentication-over-concerns-a-quick-case-study-josh-pollock
source https://williechiu40.wordpress.com/2016/10/15/wordpress-authentication-over-concerns-a-quick-case-study-josh-pollock/
No comments:
Post a Comment