Remove v3 API Secret on Plugin Update#1065
Conversation
WordPress Playground🚀 Your PR has been built and is ready for testing in WordPress Playground! |
n7studios
requested review from
a team,
ciccio-kit and
noelherrick
and removed request for
a team
noelherrick
left a comment
noelherrick
left a comment
There was a problem hiding this comment.
What are your thoughts only running this if they have successfully done the exchange? Or would the whole method bail if $this->maybe_get_access_token_by_api_key_and_secret is not successful
I considered this, but so many creators have already obtained access and refresh tokens from the v3 API Key and Secret, given this method was available since ~ July 2024, and we haven't used the v3 API Secret since then. I think the catch-all method in this PR ensures the v3 API Secret is truly removed. If a creator is still on version < 2.5.0, almost 2 years later, it's unlikely they'll upgrade (and if they do, they'll still be given a token by using the v3 credentials and then have the v3 API Secret removed). If there's an edge case I haven't considered, they'd be prompted to go through the OAuth flow anyway. |
2 participants
Summary
Whenever a new Plugin release is published and the creator updates to the latest version, checks if a v3 API Secret exists, and if so deletes it from the Plugin's settings.
v3 API Keys and Secrets were retained following the introduction of the v4 API, to permit automatic exchange of v3 API Keys for v4 tokens. This was in July 2024, so by now the API secret isn't needed.
The v3 API Key is retained for the time being, to support legacy forms. A future PR will notify users who have this setting, and advise them how to add this to their
wp-config.phpfile.Testing
testV3APISecretRemovedFromSettings: Test that a v3 API Secret is removed from the Plugin's settings when specified.Checklist