WordPress.org

Making WordPress.org

Opened 4 years ago

Last modified 3 years ago

#721 new enhancement

Allow WordPress.org to act as a oAuth Provider

Reported by: Shelob9 Owned by:
Milestone: Priority: normal
Component: API Keywords:
Cc:

Description

I'd like to propose that I be able to authenticate on another site using my WordPress.org account. Let me explain two use cases:

Use Case 1: To enable allowing plugin/ theme ratings from the WordPress admin
If we could remote login to WordPress.org from our own WordPress admin, then it would make sense to add an endpoint to the WordPress.org API to set a rating, that could be POSTed to from the plugin & theme admin pages in WordPress.

Use Case 2: Improve wpackagist:
I want to write a fork of wpackagist.org (well really I want @nikv to do it) where I can login and set an official GitHub repo for my plugin. That way in a composer.json file a user can specify the development version of my plugin. The issue is how do I make it so only an admin of that plugin can make that determination? I can check their WordPress.org username against the https://api.wordpress.org/plugins/info/1.0/{slug}.json endpoint of the WordPress.org API, but only once I've verified they really are that user, which would require authenticating against WordPress.org

Change History (2)

This ticket was mentioned in Slack in #meta-i18n by ocean90. View the logs.


3 years ago

#2 @swissspidy
3 years ago

Also worth noting this article by Ryan McCue: https://poststatus.com/a-future-api/

I see the benefits of WordPress.org being an OAuth provider, but I guess for your use case #2 you could also use the username@chat.wordpress.org email addresses to validate users. For now, at least.

Note: See TracTickets for help on using tickets.