wp_validate_application_password

The timeline below displays how wordpress function wp_validate_application_password has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 5.7

/**
 * Validates the application password credentials passed via Basic Authentication.
 *
 * @since 5.6.0
 *
 * @param int|false $input_user User ID if one has been determined, false otherwise.
 * @return int|false The authenticated user ID if successful, false otherwise.
 */
function wp_validate_application_password($input_user)
{
    // Don't authenticate twice.
    if (!empty($input_user)) {
        return $input_user;
    }
    if (!wp_is_application_passwords_available()) {
        return $input_user;
    }
    // Both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] must be set in order to attempt authentication.
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        return $input_user;
    }
    $authenticated = wp_authenticate_application_password(null, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
    if ($authenticated instanceof WP_User) {
        return $authenticated->ID;
    }
    // If it wasn't a user what got returned, just pass on what we had received originally.
    return $input_user;
}

WordPress Version: 6.1

/**
 * Validates the application password credentials passed via Basic Authentication.
 *
 * @since 5.6.0
 *
 * @param int|bool $input_user User ID if one has been determined, false otherwise.
 * @return int|bool The authenticated user ID if successful, false otherwise.
 */
function wp_validate_application_password($input_user)
{
    // Don't authenticate twice.
    if (!empty($input_user)) {
        return $input_user;
    }
    if (!wp_is_application_passwords_available()) {
        return $input_user;
    }
    // Both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] must be set in order to attempt authentication.
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        return $input_user;
    }
    $authenticated = wp_authenticate_application_password(null, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
    if ($authenticated instanceof WP_User) {
        return $authenticated->ID;
    }
    // If it wasn't a user what got returned, just pass on what we had received originally.
    return $input_user;
}

WordPress Version: 5.6

/**
 * Validates the application password credentials passed via Basic Authentication.
 *
 * @since 5.6.0
 *
 * @param int|bool $input_user User ID if one has been determined, false otherwise.
 * @return int|bool The authenticated user ID if successful, false otherwise.
 */
function wp_validate_application_password($input_user)
{
    // Don't authenticate twice.
    if (!empty($input_user)) {
        return $input_user;
    }
    if (!wp_is_application_passwords_available()) {
        return $input_user;
    }
    // Check that we're trying to authenticate
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        return $input_user;
    }
    $authenticated = wp_authenticate_application_password(null, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
    if ($authenticated instanceof WP_User) {
        return $authenticated->ID;
    }
    // If it wasn't a user what got returned, just pass on what we had received originally.
    return $input_user;
}