John Blackbourn · Jul 5, 2018 · 9:04 PM UTC

John Blackbourn

earlier replies

John Blackbourn @johnbillion

5 Jul 2018

Replying to @carlhancock

Unfortunately because nobody has stepped up to do it. Same reason anything else isn't in core.

Mario Peshev · Jul 5, 2018 · 9:08 PM UTC

Mario Peshev

@no_fear_inc

5 Jul 2018

I have to agree with Carl though, been asking myself for 5 years now; it just seems like a mandatory thing to have for anything outside of "let's fetch an archive of our latest posts". I'm genuinely surprised it was launched without it. Was lower SSL adoption the reason?

Morten Rand-Hendriksen is elsewhere · Jul 5, 2018 · 9:14 PM UTC

Morten Rand-Hendriksen is elsewhere @mor10

5 Jul 2018

I remember someone (perhaps @rmccue) was working on something around OAuth2 a few years ago, but no idea where that ended up. IMO OAuth2 should be built in as a minimum, in core. Of course I have no ability to contribute to this apart from saying it should be done.

Aaron Parecki · Jul 5, 2018 · 9:34 PM UTC

Aaron Parecki · Jul 5, 2018 · 9:34 PM UTC

Aaron Parecki @aaronpk

5 Jul 2018

Check out the work done on the IndieAuth plugin: wordpress.org/plugins/indiea… It also works as authentication for the REST API. IndieAuth has the benefit of not needing to pre-register clients, so it is actually useful in a distributed setting like how WordPress works.

IndieAuth

IndieAuth is a way to allow users to use their own domain to sign into other websites and services.

wordpress.org

Jul 5, 2018 · 9:34 PM UTC