This repository has been archived by the owner on Aug 27, 2019. It is now read-only.
OAuth example code referenced doesn't work and is outdated #63
Milestone
Comments
|
Totally correct; https://github.com/WP-API/rest-api-console is our v2 version, which doesn't use OAuth, but rather cookie authentication. OAuth in JS is the only way to do client-side only applications, but most apps will probably proxy via a server side instead. We should have an example that does that. :) |
|
Closing this as we're focusing on the built-in cookie authentication for the developer handbook, but this should be considered for documentation for the OAuth repo |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
On the Authentication page: http://v2.wp-api.org/guide/authentication/
Under "OAuth Authentication", an API Console: https://github.com/WP-API/api-console , is mentioned as a reference.
After spending a couple days trying to get it working, it became obvious to me that it wasn't designed for the v2 API, hasn't been updated in a year, and tries to do client-side authentication over OAuth sending a client key and secret in the clear from a JavaScript client.
I'd propose removing this reference link altogether as I don't feel it is a good starting place for people to learn how to use OAuth with the v2 API, and it teaches some really insecure practices that we should hope no one actually follows in their own application development.
The text was updated successfully, but these errors were encountered: