First pass at a basic form of verified software statements.
This checks the JWT for an "iss" header. If one is present, we fetch a public key at that host ".well-known/wp-api/oauth2.pem", and use that public key to verify the JWT.
If a client is verified we display a "verified" message on the connect screen.
This also adds a new "--sign" flag to the CLI command to generate a signed software statement.
First pass at a basic form of verified software statements.
This checks the JWT for an "iss" header. If one is present, we fetch a public key at that host ".well-known/wp-api/oauth2.pem", and use that public key to verify the JWT.
If a client is verified we display a "verified" message on the connect screen.
This also adds a new "--sign" flag to the CLI command to generate a signed software statement.
Fixes #18.
Test Instructions
And upload it to
https://yourwebsite.com/.well-known/wp-api/oauth2.pem
.Then, in your WordPress install run the WP CLI command to generate a software statement.
WP CLI will prompt you for the passphrase you entered in step 1.
Use your generated software statement as the
client_id
.