ThomasPe
commented
3 years ago Hey, yes I definitely want to support this since it's a baked-in feature in the REST API (I thought I had already created an issue for that 🤔). I can't make any promises how quickly I could add this, but I'm always happy to look at Pull Requests. :)
With the latest Release 5.6 Wordpress introduced application Passwords. (https://make.wordpress.org/core/2020/11/05/application-passwords-integration-guide/) While it has close to no advantages over JWT Auth in normal WP setups it can be a great alternative when it comes to WP Multisites.
Since JWT is encoding the domain it is valid for, I frequently run into issues maintaining an management App that needs to access multiple subdomain sites in a Multisite and wonder if enabeling Basic Auth in conjunction with revokable App passwords would not be a better solution in a https world.
Any thoughts on not having basic auth as an alternative to token auth.