George Stephanis
George Stephanis
My hesitancy with breaking Two-Factor out onto its own admin page was that I didn't want to clutter the admin menu with an extra tab for users that don't use...
I'd initially thought that perhaps instead of accepting a http url, we could just display the credentials to the user, so that they can enter it into the app manually...
Wpcli command? Sure, I'll write it today.
Just noting that this functionality is added to the PR to implement this in Core. https://github.com/WordPress/wordpress-develop/pull/540/files#diff-7e404b0606ee5356291d2c6e122fd00eR1512 https://github.com/WordPress/wordpress-develop/pull/540/commits/d45d9464537d99238171209bb30b412efd2425a4
Just worth noting that on the core proposal, the `wp_is_application_passwords_available` filter is available -- it isn't itself specific to endpoints, as the authentication mechanism can also work with xmlrpc requests...
Tentative page looks something like this -- still open to just calling `wp_safe_redirect()` to pass the user along silently though. Not sure if this sort of interstitial would be better...
Incidentally, something like https://github.com/georgestephanis/application-passwords/commit/16af809dcaeb347baef8f3a116170eef1bca6633 can test for whether the site's server is killing the authentication header, or whether it's behaving properly -- if it's worth making a general purpose tester...
With a test for sufficient contrast ratio, sure.
I'm off on my weekend right now. Will try to remember to take a look first thing on Monday.