[wordpress插件] Application Passwords应用密码

Use Application Passwords to authenticate users without providing their passwords directly.

使用应用程序密码来认证用户，而无需直接提供其密码。

Instead, a unique password is generated for each application without revealing the user’s main password.

而是为每个应用程序生成一个唯一的密码，而不会泄露用户的主密码。

Application passwords can be revoked for each application individually.

可以分别撤销每个应用程序的应用程序密码。

Important: Application Passwords can be used only for authenticating API requests such as

重要：应用密码只能用于验证API请求，例如

REST API and XML-RPC, and they won't work for regular site logins

REST API 和 XML-RPC ，它们不适用于常规网站登录

.

Contribute

贡献

• Translate the plugin into your language.
• 将插件翻译为您的语言。

• Report issues, suggest features and contribute code on GitHub.
• 在GitHub上报告问题，建议功能并贡献代码 。

Creating Application Password Manually

手动创建应用程序密码

1. Go the User Profile page of the user that you want to generate a new application password for.

2. 转到要为其生成新应用程序密码的用户的“用户配置文件”页面。

   To do so, click Users on the left side of the WordPress admin, then click on the user that you want to manage.

为此，请单击WordPress管理员左侧的 Users ，然后单击要管理的用户。

3. Scroll down until you see the Application Passwords section.

4. 向下滚动，直到看到“应用程序密码”部分。

   This is typically at the bottom of the page.

通常在页面底部。

5. Within the input field, type in a name for your new application password, then click Add New.
   

6. 在输入字段中，输入新应用程序密码的名称，然后单击添加新。
   

   Note: The application password name is only used to describe your password for easy management later.

   注意：应用程序密码名称仅用于描述您的密码，以便以后管理。

   It will not affect your password in any way.

   它不会以任何方式影响您的密码。

   Be descriptive, as it will lead to easier management if you ever need to change it later.

具有描述性，因为如果以后需要更改它，它将使管理变得更容易。

7. Once the Add New button is clicked, your new application password will appear.

8. 单击添加新按钮后，将显示新的应用程序密码。

   Be sure to keep this somewhere safe, as it will not be displayed to you again.

   确保将其保存在安全的地方，因为它不会再次显示给您。

   If you lose this password, it cannot be obtained again.

如果您丢失了该密码，将无法再次获取。

Two Factor Support

两因素支持

Application Passwords can be used together with the Two Factor plugin as long as you disable the extra protection added by the

应用密码可以与双因子插件一起使用，只要您禁用由

Two Factor plugin which disables API requests with password authentication for users with Two Factor enabled.

两因素插件，可为启用了两因素的用户禁用密码身份验证的API请求。

Use the two_factor_user_api_login_enable filter to allow API requests with password-based authentication header for all users:

使用 two_factor_user_api_login_enable 过滤器允许所有用户使用基于密码的身份验证标头的API请求：

add_filter( 'two_factor_user_api_login_enable', '__return_true' );
  add_filter（'two_factor_user_api_login_enable'，'__return_true'）;
 
This is not required if the user associated with the application password doesn’t have any of the Two Factor methods enabled.
如果与应用程序密码关联的用户未启用任何两种因素方法，则不需要此方法。
Requesting Password for Application
请求申请密码
To request a password for your application, redirect users to:
要为您的应用程序请求密码，请将用户重定向到：
https://example.com/wp-admin/admin.php?page=auth_app
  https://example.com/wp-admin/admin.php?page=auth_app
 
and use the following GET request parameters to specify:
并使用以下 GET 请求参数进行指定：
app_name (required) – The human readable identifier for your app.
  app_name （必填）–您的应用可读的标识符。
This will be the name of the generated application password, so structure it like … “WordPress Mobile App on iPhone 12” for uniqueness between multiple versions.
这将是生成的应用程序密码的名称，因此应将其结构化为“ iPhone 12上的WordPress移动应用程序”，以实现多个版本之间的唯一性。
If omitted, the user will be required to provide an application name.
如果省略，则要求用户提供应用程序名称。
success_url (recommended) – The URL that you’d like the user to be sent to if they approve the connection.
  success_url （推荐）–如果用户批准连接，您希望将其发送到的URL。
Two GET variables will be appended when they are passed back — user_login and password — these credentials can then be used for API calls.
传递回两个GET变量后，它们将被附加- user_login 和 password -这些凭据可用于API调用。
If the success_url variable is omitted, a password will be generated and displayed to the user, to manually enter into your application.
如果省略 success_url 变量，则会生成一个密码并将其显示给用户，以手动输入您的应用程序。
reject_url (optional) – If included, the user will get sent there if they reject the connection.
  reject_url （可选）–如果包含，则拒绝连接的用户将被发送到那里。
If omitted, the user will be sent to the success_url, with ?success=false appended to the end.
如果省略，则会将用户发送到 success_url ，并在末尾附加？success = false 。
If the success_url is omitted, the user will be sent to their dashboard.
如果省略 success_url ，则用户将被发送到其仪表板。
Testing an Application Password
测试应用程序密码
We use curl to send HTTP requests to the API endpoints in the examples below.
在下面的示例中，我们使用 curl 将HTTP请求发送到API端点。
WordPress REST API
 WordPress REST API 
Make a REST API call to update a post.
进行REST API调用以更新帖子。
Because you are performing a POST request, you will need to authorize the request using your newly created base64 encoded access token.
由于您正在执行 POST 请求，因此需要使用新创建的base64编码访问令牌对请求进行授权。
If authorized correctly, you will see the post title update to “New Title.”
如果授权正确，您将看到帖子标题更新为“新标题”。
curl --user "USERNAME:APPLICATION_PASSWORD" -X POST -d "title=New Title" https://LOCALHOST/wp-json/wp/v2/posts/POST_ID
  curl --user“ USERNAME：APPLICATION_PASSWORD” -X POST -d“ title = New Title” https：// LOCALHOST / wp-json / wp / v2 / posts / POST_ID
 
When running this command, be sure to replace USERNAME and APPLICATION_PASSWORD with your credentials (curl takes care of base64 encoding and setting the Authorization
运行此命令时，请确保用您的凭据替换 USERNAME 和 APPLICATION_PASSWORD （curl负责base64编码并设置 Authorization 
header), LOCALHOST with the hostname of your WordPress installation, and POST_ID with the ID of the post that you want to edit.
标头），带有您的WordPress安装主机名的 LOCALHOST 和带有您要编辑的帖子ID的 POST_ID 。
XML-RPC
 XML-RPC 
Unlike the WordPress REST API, XML-RPC does not require your username and password to be base64 encoded.
与WordPress REST API不同，XML-RPC不需要您的用户名和密码进行base64编码。
Send an XML-RPC request to list all users:
发送XML-RPC请求以列出所有用户：
curl -H 'Content-Type: text/xml' -d 'wp.getUsers1
  curl -H'内容类型：text / xml'-d'  wp.getUsers     1  
param>USERNAMEPASSWORD' https://LOCALHOST/xmlrpc.php
param>   USERNAME     PASSWORD    'https：//LOCALHOST/xmlrpc.php
 
In the above example, replace USERNAME with your username, PASSWORD with your new application password, and LOCALHOST with the hostname of your WordPress
在上面的示例中，将 USERNAME 替换为用户名，将 PASSWORD 替换为新的应用程序密码，将 LOCALHOST 替换为WordPress的主机名
installation.
安装。
This should output a response containing all users on your site.
这将输出包含您网站上所有用户的响应。
Plugin History
插件历史记录
This is a feature plugin that is a spinoff of the main Two-Factor Authentication plugin
这是一个功能插件，它是主要两要素身份验证插件的衍生产品
.