wp_is_authorize_application_password_request_valid

The timeline below displays how wordpress function wp_is_authorize_application_password_request_valid has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 6.5

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 * @since 6.3.2 Validates the success and reject URLs to prevent `javascript` pseudo protocol from being executed.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A UUID provided by the application to uniquely identify it.
 *     @type string $success_url The URL the user will be redirected to after approving the application.
 *     @type string $reject_url  The URL the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (isset($request['success_url'])) {
        $validated_success_url = wp_is_authorize_application_redirect_url_valid($request['success_url']);
        if (is_wp_error($validated_success_url)) {
            $error->add($validated_success_url->get_error_code(), $validated_success_url->get_error_message());
        }
    }
    if (isset($request['reject_url'])) {
        $validated_reject_url = wp_is_authorize_application_redirect_url_valid($request['reject_url']);
        if (is_wp_error($validated_reject_url)) {
            $error->add($validated_reject_url->get_error_code(), $validated_reject_url->get_error_message());
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The application ID must be a UUID.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 3.2

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 * @since 6.3.2 Validates the success and reject URLs to prevent javascript pseudo protocol being executed.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A UUID provided by the application to uniquely identify it.
 *     @type string $success_url The URL the user will be redirected to after approving the application.
 *     @type string $reject_url  The URL the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (isset($request['success_url'])) {
        $validated_success_url = wp_is_authorize_application_redirect_url_valid($request['success_url']);
        if (is_wp_error($validated_success_url)) {
            $error->add($validated_success_url->get_error_code(), $validated_success_url->get_error_message());
        }
    }
    if (isset($request['reject_url'])) {
        $validated_reject_url = wp_is_authorize_application_redirect_url_valid($request['reject_url']);
        if (is_wp_error($validated_reject_url)) {
            $error->add($validated_reject_url->get_error_code(), $validated_reject_url->get_error_message());
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The application ID must be a UUID.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 6.3

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A UUID provided by the application to uniquely identify it.
 *     @type string $success_url The URL the user will be redirected to after approving the application.
 *     @type string $reject_url  The URL the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    $is_local = 'local' === wp_get_environment_type();
    if (!empty($request['success_url'])) {
        $scheme = wp_parse_url($request['success_url'], PHP_URL_SCHEME);
        if ('http' === $scheme && !$is_local) {
            $error->add('invalid_redirect_scheme', __('The success URL must be served over a secure connection.'));
        }
    }
    if (!empty($request['reject_url'])) {
        $scheme = wp_parse_url($request['reject_url'], PHP_URL_SCHEME);
        if ('http' === $scheme && !$is_local) {
            $error->add('invalid_redirect_scheme', __('The rejection URL must be served over a secure connection.'));
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The application ID must be a UUID.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 2.3

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 * @since 6.3.2 Validates the success and reject URLs to prevent javascript pseudo protocol being executed.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A UUID provided by the application to uniquely identify it.
 *     @type string $success_url The URL the user will be redirected to after approving the application.
 *     @type string $reject_url  The URL the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (isset($request['success_url'])) {
        $validated_success_url = wp_is_authorize_application_redirect_url_valid($request['success_url']);
        if (is_wp_error($validated_success_url)) {
            $error->add($validated_success_url->get_error_code(), $validated_success_url->get_error_message());
        }
    }
    if (isset($request['reject_url'])) {
        $validated_reject_url = wp_is_authorize_application_redirect_url_valid($request['reject_url']);
        if (is_wp_error($validated_reject_url)) {
            $error->add($validated_reject_url->get_error_code(), $validated_reject_url->get_error_message());
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The application ID must be a UUID.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 6.2

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A UUID provided by the application to uniquely identify it.
 *     @type string $success_url The URL the user will be redirected to after approving the application.
 *     @type string $reject_url  The URL the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    $is_local = 'local' === wp_get_environment_type();
    if (!empty($request['success_url'])) {
        $scheme = wp_parse_url($request['success_url'], PHP_URL_SCHEME);
        if ('http' === $scheme && !$is_local) {
            $error->add('invalid_redirect_scheme', __('The success URL must be served over a secure connection.'));
        }
    }
    if (!empty($request['reject_url'])) {
        $scheme = wp_parse_url($request['reject_url'], PHP_URL_SCHEME);
        if ('http' === $scheme && !$is_local) {
            $error->add('invalid_redirect_scheme', __('The rejection URL must be served over a secure connection.'));
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The application ID must be a UUID.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 1.4

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 * @since 6.3.2 Validates the success and reject URLs to prevent javascript pseudo protocol being executed.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A UUID provided by the application to uniquely identify it.
 *     @type string $success_url The URL the user will be redirected to after approving the application.
 *     @type string $reject_url  The URL the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (isset($request['success_url'])) {
        $validated_success_url = wp_is_authorize_application_redirect_url_valid($request['success_url']);
        if (is_wp_error($validated_success_url)) {
            $error->add($validated_success_url->get_error_code(), $validated_success_url->get_error_message());
        }
    }
    if (isset($request['reject_url'])) {
        $validated_reject_url = wp_is_authorize_application_redirect_url_valid($request['reject_url']);
        if (is_wp_error($validated_reject_url)) {
            $error->add($validated_reject_url->get_error_code(), $validated_reject_url->get_error_message());
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The application ID must be a UUID.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 6.1

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A UUID provided by the application to uniquely identify it.
 *     @type string $success_url The URL the user will be redirected to after approving the application.
 *     @type string $reject_url  The URL the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (!empty($request['success_url'])) {
        $scheme = wp_parse_url($request['success_url'], PHP_URL_SCHEME);
        if ('http' === $scheme) {
            $error->add('invalid_redirect_scheme', __('The success URL must be served over a secure connection.'));
        }
    }
    if (!empty($request['reject_url'])) {
        $scheme = wp_parse_url($request['reject_url'], PHP_URL_SCHEME);
        if ('http' === $scheme) {
            $error->add('invalid_redirect_scheme', __('The rejection URL must be served over a secure connection.'));
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The application ID must be a UUID.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 9.8

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 * @since 6.3.2 Validates the success and reject URLs to prevent javascript pseudo protocol being executed.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A UUID provided by the application to uniquely identify it.
 *     @type string $success_url The URL the user will be redirected to after approving the application.
 *     @type string $reject_url  The URL the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (isset($request['success_url'])) {
        $validated_success_url = wp_is_authorize_application_redirect_url_valid($request['success_url']);
        if (is_wp_error($validated_success_url)) {
            $error->add($validated_success_url->get_error_code(), $validated_success_url->get_error_message());
        }
    }
    if (isset($request['reject_url'])) {
        $validated_reject_url = wp_is_authorize_application_redirect_url_valid($request['reject_url']);
        if (is_wp_error($validated_reject_url)) {
            $error->add($validated_reject_url->get_error_code(), $validated_reject_url->get_error_message());
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The application ID must be a UUID.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 5.9

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A UUID provided by the application to uniquely identify it.
 *     @type string $success_url The URL the user will be redirected to after approving the application.
 *     @type string $reject_url  The URL the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (!empty($request['success_url'])) {
        $scheme = wp_parse_url($request['success_url'], PHP_URL_SCHEME);
        if ('http' === $scheme) {
            $error->add('invalid_redirect_scheme', __('The success URL must be served over a secure connection.'));
        }
    }
    if (!empty($request['reject_url'])) {
        $scheme = wp_parse_url($request['reject_url'], PHP_URL_SCHEME);
        if ('http' === $scheme) {
            $error->add('invalid_redirect_scheme', __('The rejection URL must be served over a secure connection.'));
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The application ID must be a UUID.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 8.8

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 * @since 6.3.2 Validates the success and reject URLs to prevent javascript pseudo protocol being executed.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A uuid provided by the application to uniquely identify it.
 *     @type string $success_url The url the user will be redirected to after approving the application.
 *     @type string $reject_url  The url the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (isset($request['success_url'])) {
        $validated_success_url = wp_is_authorize_application_redirect_url_valid($request['success_url']);
        if (is_wp_error($validated_success_url)) {
            $error->add($validated_success_url->get_error_code(), $validated_success_url->get_error_message());
        }
    }
    if (isset($request['reject_url'])) {
        $validated_reject_url = wp_is_authorize_application_redirect_url_valid($request['reject_url']);
        if (is_wp_error($validated_reject_url)) {
            $error->add($validated_reject_url->get_error_code(), $validated_reject_url->get_error_message());
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The app id must be a uuid.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 7.2

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A uuid provided by the application to uniquely identify it.
 *     @type string $success_url The url the user will be redirected to after approving the application.
 *     @type string $reject_url  The url the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (!empty($request['success_url'])) {
        $scheme = wp_parse_url($request['success_url'], PHP_URL_SCHEME);
        if ('http' === $scheme) {
            $error->add('invalid_redirect_scheme', __('The success url must be served over a secure connection.'));
        }
    }
    if (!empty($request['reject_url'])) {
        $scheme = wp_parse_url($request['reject_url'], PHP_URL_SCHEME);
        if ('http' === $scheme) {
            $error->add('invalid_redirect_scheme', __('The rejection url must be served over a secure connection.'));
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The app id must be a uuid.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: .10

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 * @since 6.3.2 Validates the success and reject URLs to prevent javascript pseudo protocol being executed.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A uuid provided by the application to uniquely identify it.
 *     @type string $success_url The url the user will be redirected to after approving the application.
 *     @type string $reject_url  The url the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (isset($request['success_url'])) {
        $validated_success_url = wp_is_authorize_application_redirect_url_valid($request['success_url']);
        if (is_wp_error($validated_success_url)) {
            $error->add($validated_success_url->get_error_code(), $validated_success_url->get_error_message());
        }
    }
    if (isset($request['reject_url'])) {
        $validated_reject_url = wp_is_authorize_application_redirect_url_valid($request['reject_url']);
        if (is_wp_error($validated_reject_url)) {
            $error->add($validated_reject_url->get_error_code(), $validated_reject_url->get_error_message());
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The app id must be a uuid.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 6.2

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A uuid provided by the application to uniquely identify it.
 *     @type string $success_url The url the user will be redirected to after approving the application.
 *     @type string $reject_url  The url the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (!empty($request['success_url'])) {
        $scheme = wp_parse_url($request['success_url'], PHP_URL_SCHEME);
        if ('http' === $scheme) {
            $error->add('invalid_redirect_scheme', __('The success url must be served over a secure connection.'));
        }
    }
    if (!empty($request['reject_url'])) {
        $scheme = wp_parse_url($request['reject_url'], PHP_URL_SCHEME);
        if ('http' === $scheme) {
            $error->add('invalid_redirect_scheme', __('The rejection url must be served over a secure connection.'));
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The app id must be a uuid.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: .12

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 * @since 6.2.0 Allow insecure HTTP connections for the local environment.
 * @since 6.3.2 Validates the success and reject URLs to prevent javascript pseudo protocol being executed.
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A uuid provided by the application to uniquely identify it.
 *     @type string $success_url The url the user will be redirected to after approving the application.
 *     @type string $reject_url  The url the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (isset($request['success_url'])) {
        $validated_success_url = wp_is_authorize_application_redirect_url_valid($request['success_url']);
        if (is_wp_error($validated_success_url)) {
            $error->add($validated_success_url->get_error_code(), $validated_success_url->get_error_message());
        }
    }
    if (isset($request['reject_url'])) {
        $validated_reject_url = wp_is_authorize_application_redirect_url_valid($request['reject_url']);
        if (is_wp_error($validated_reject_url)) {
            $error->add($validated_reject_url->get_error_code(), $validated_reject_url->get_error_message());
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The app id must be a uuid.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}

WordPress Version: 5.6

/**
 * Checks if the Authorize Application Password request is valid.
 *
 * @since 5.6.0
 *
 * @param array   $request {
 *     The array of request data. All arguments are optional and may be empty.
 *
 *     @type string $app_name    The suggested name of the application.
 *     @type string $app_id      A uuid provided by the application to uniquely identify it.
 *     @type string $success_url The url the user will be redirected to after approving the application.
 *     @type string $reject_url  The url the user will be redirected to after rejecting the application.
 * }
 * @param WP_User $user The user authorizing the application.
 * @return true|WP_Error True if the request is valid, a WP_Error object contains errors if not.
 */
function wp_is_authorize_application_password_request_valid($request, $user)
{
    $error = new WP_Error();
    if (!empty($request['success_url'])) {
        $scheme = wp_parse_url($request['success_url'], PHP_URL_SCHEME);
        if ('http' === $scheme) {
            $error->add('invalid_redirect_scheme', __('The success url must be served over a secure connection.'));
        }
    }
    if (!empty($request['reject_url'])) {
        $scheme = wp_parse_url($request['reject_url'], PHP_URL_SCHEME);
        if ('http' === $scheme) {
            $error->add('invalid_redirect_scheme', __('The rejection url must be served over a secure connection.'));
        }
    }
    if (!empty($request['app_id']) && !wp_is_uuid($request['app_id'])) {
        $error->add('invalid_app_id', __('The app id must be a uuid.'));
    }
    /**
     * Fires before application password errors are returned.
     *
     * @since 5.6.0
     *
     * @param WP_Error $error   The error object.
     * @param array    $request The array of request data.
     * @param WP_User  $user    The user authorizing the application.
     */
    do_action('wp_authorize_application_password_request_errors', $error, $request, $user);
    if ($error->has_errors()) {
        return $error;
    }
    return true;
}