You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When sending a use to the Authorize URL and they are not logged in, they are redirected to the /wp-login.php page with the Authorize URL and tokens in the ?redirect_to param. As this is the standard WP login page, the user also has the option to reset their password. If they use this link the ?redirect_to param is then forgotten.
On the password reset page they have the option to return to the login page, however again this is without the ?redirect_to and therefore once the user logs in they are sent to the default redirect URL which out of the box is /wp-admin/ which will drop them out of the flow.
Additionally, if the user attempts to reset their password, the link that they are sent will send them to the default password reset page, again out of flow.
I appreciate that the way this works is part of the WordPress Core but thought I'd mention here as the result is a bigger issue for WP API / OAuth1, though ?redirect_to to the password reset page would be an improvement in my opinion.
The text was updated successfully, but these errors were encountered:
When sending a use to the Authorize URL and they are not logged in, they are redirected to the /wp-login.php page with the Authorize URL and tokens in the ?redirect_to param. As this is the standard WP login page, the user also has the option to reset their password. If they use this link the ?redirect_to param is then forgotten.
On the password reset page they have the option to return to the login page, however again this is without the ?redirect_to and therefore once the user logs in they are sent to the default redirect URL which out of the box is /wp-admin/ which will drop them out of the flow.
Additionally, if the user attempts to reset their password, the link that they are sent will send them to the default password reset page, again out of flow.
I appreciate that the way this works is part of the WordPress Core but thought I'd mention here as the result is a bigger issue for WP API / OAuth1, though ?redirect_to to the password reset page would be an improvement in my opinion.
The text was updated successfully, but these errors were encountered: