Add WP.com OAuth login support #1190

Draft
jkmassel wants to merge 15 commits into add/password-encryption from add/wpcom-oauth-login

@jkmassel
Contributor

Summary

Add WordPress.com OAuth login alongside the existing self-hosted Application Passwords flow.

  • Migrate iOS/macOS and Kotlin example apps to AccountRepository with encrypted credential storage
  • Add WP.com-specific screens to the Kotlin example app (Me, Site, Bot Conversations, Support Conversations)
  • Add OAuth configuration discovery during site login
  • Add WP.com login flow for the Swift example app
  • Support WP.com OAuth login for sites discovered via the self-hosted flow
  • Add swipe-to-delete for saved sites on the welcome screen
  • Remove hardcoded site URL from login screen

Depends on #1189.

Test plan

  • Self-hosted Application Passwords login still works on both iOS and Android
  • WP.com OAuth login works on both iOS and Android
  • Sites persist across app launches
  • Swipe-to-delete removes saved sites

🤖 Generated with Claude Code

@jkmassel jkmassel force-pushed the add/password-encryption branch from 867fb66 to 0aa9929 Compare February 24, 2026 23:47
@jkmassel jkmassel force-pushed the add/wpcom-oauth-login branch from 8cc368f to 52a0ea4 Compare February 25, 2026 06:57
adalpari and others added 2 commits February 25, 2026 16:10
* CMM-1260 Add stats devices screensize endpoint

Add the /stats/devices/screensize WP.com REST API endpoint with shared
device stats types (params, response, period enum) and JSON test fixtures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* CMM-1260 Add stats devices browser endpoint

Add the /stats/devices/browser WP.com REST API endpoint, reusing shared
device stats types, with JSON test fixtures for browser usage data.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* CMM-1260 Add stats devices platform endpoint

Add the /stats/devices/platform WP.com REST API endpoint, reusing shared
device stats types, with JSON test fixtures for platform usage data.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Handle empty array response in stats devices top_values

Use deserialize_empty_array_or_hashmap for top_values since the API
returns [] instead of {} when there is no data.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* CMM-1258 Add stats clicks endpoint for Traffic tab

Add the /stats/clicks WP.com REST API endpoint with support for
summarize=1 (summary) and summarize=0 (days) response modes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* CMM-1258 Add stats search terms endpoint for Traffic tab

Add the /stats/search-terms WP.com REST API endpoint with support for
summarize=1 (summary) and summarize=0 (days) response modes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* CMM-1258 Add stats video plays endpoint for Traffic tab

Add the /stats/video-plays WP.com REST API endpoint. This endpoint has
a unique response structure where data is always inside days.summary.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* CMM-1258 add stats file-downloads endpoint

Add the /rest/v1.1/sites/{site_id}/stats/file-downloads endpoint
following the same pattern as other stats endpoints. Includes types,
endpoint definition, JSON test fixtures, and client wiring.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* CMM-1258 Change skip_archives from Option<bool> to bool with default true

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel jkmassel force-pushed the add/wpcom-oauth-login branch 2 times, most recently from 7a5a5dd to e9012f6 Compare February 25, 2026 16:29
The `interceptors` parameter in the secondary constructors of
`WpLoginClient` and `WpRequestExecutor` was the only parameter
without a default value, requiring callers to always pass it
explicitly. This adds `= listOf()` as the default to match the
pattern of the other parameters.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
crazytonyli and others added 2 commits February 26, 2026 10:02
* Parse custom taxonomy terms in SparseAnyPost

* Remove a redundant unit test in Kotlin

* Run `cargo fmt`
Bumps [fastlane-plugin-wpmreleasetoolkit](https://github.com/wordpress-mobile/release-toolkit) from 14.0.0 to 14.1.0.
- [Release notes](https://github.com/wordpress-mobile/release-toolkit/releases)
- [Changelog](https://github.com/wordpress-mobile/release-toolkit/blob/trunk/CHANGELOG.md)
- [Commits](wordpress-mobile/release-toolkit@14.0.0...14.1.0)

---
updated-dependencies:
- dependency-name: fastlane-plugin-wpmreleasetoolkit
  dependency-version: 14.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@jkmassel jkmassel force-pushed the add/password-encryption branch 4 times, most recently from 7f822ed to d77cc25 Compare February 25, 2026 21:41
* Add test cases to reproduce an issue

* Add another integration test

* Refresh the metadata collection list locally to bring in post updates

* Update integration tests

* Add another integration test

* Remove refresh_post

* Log errors

* Add a couple more integration tests

* Check categories and tags in loosely_matches_post
@jkmassel jkmassel force-pushed the add/password-encryption branch 9 times, most recently from a8684c9 to 115e7db Compare February 25, 2026 23:41
@jkmassel jkmassel force-pushed the add/password-encryption branch 6 times, most recently from 2648ac7 to 0dc3eff Compare February 26, 2026 00:26
@jkmassel jkmassel force-pushed the add/wpcom-oauth-login branch from c2b404d to 0bdba53 Compare February 26, 2026 00:38
@jkmassel jkmassel force-pushed the add/password-encryption branch from 0dc3eff to 58196fc Compare February 26, 2026 01:19
jkmassel and others added 4 commits February 25, 2026 18:19
Introduces `AccountRepository` for encrypted credential storage and
`AesGcmPasswordTransformer`, a pure-Rust AES-256-GCM password
encryption implementation exposed via UniFFI.

The `PasswordTransformer` trait uses `#[uniffi::export(with_foreign)]`
so platforms can provide their own implementations (e.g. hardware-
backed encryption) while the Rust one serves as a cross-platform
fallback — particularly for Linux where platform keystores are
unavailable.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Exports persistence types (AccountRepository, PasswordTransformer, etc.)
to the public Swift API. Conditionally re-exports AesGcmPasswordTransformer
on Linux via #if os(Linux) so third-party clients can use it through
`import WordPressAPI` without reaching into WordPressAPIInternal.

Adds AesGcmPasswordTransformerTests exercising the Rust-backed UniFFI
transformer — guarded with #if os(Linux) since the type is only
available there (the Apple xcframework is built with --no-default-features
which excludes aes-gcm-encryption). On Apple platforms,
SecureEnclavePasswordTransformer fills this role instead.

Fixes the testRoot() test on Linux by gating it with
there, and adds request timeouts to prevent hangs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…tion

Hardware-backed PasswordTransformer for Apple platforms using ECIES
(P-256 ECDH + HKDF-SHA256 + AES-256-GCM). Falls back to software
keys on simulators. Guarded with #if canImport(CryptoKit) so it
compiles out cleanly on Linux.

All Secure Enclave tests run under a single @suite(.serialized) to
prevent cooperative thread pool deadlocks — SE key creation blocks
the calling thread, and Swift Testing's fixed-size cooperative pool
deadlocks when all threads block simultaneously.

See: https://forums.swift.org/t/cooperative-pool-deadlock-when-calling-into-an-opaque-subsystem/70685

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
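
The ECIES composition named in the commit message above (P-256 ECDH + HKDF-SHA256 + AES-256-GCM), as an added CryptoKit example that is not code from this pull request. It uses software keys, as on a simulator; `EciesEnvelope`, `deriveKey`, `eciesSeal`, `eciesOpen` and the HKDF info label are hypothetical names, and binding the ephemeral public key into the HKDF info and the GCM associated data is an assumption of this example.

```swift
import CryptoKit
import Foundation

// Hypothetical container: what gets stored in place of the plaintext password.
struct EciesEnvelope {
    let ephemeralPublicKey: Data  // X9.63 encoding of the sender's one-time P-256 key
    let sealed: Data              // AES-GCM combined form: nonce || ciphertext || tag
}

// HKDF-SHA256 over the ECDH secret, yielding a 32-byte (AES-256) key.
// The info label is an assumed domain-separation string, not the project's.
func deriveKey(_ secret: SharedSecret, ephemeralPublicKey: Data) -> SymmetricKey {
    secret.hkdfDerivedSymmetricKey(
        using: SHA256.self,
        salt: Data(),
        sharedInfo: Data("example-password-transformer-v1".utf8) + ephemeralPublicKey,
        outputByteCount: 32)
}

// Encrypt: a fresh ephemeral key per message, so only the public key is needed here.
func eciesSeal(_ plaintext: Data, to recipient: P256.KeyAgreement.PublicKey) throws -> EciesEnvelope {
    let ephemeral = P256.KeyAgreement.PrivateKey()
    let ephPub = ephemeral.publicKey.x963Representation
    let secret = try ephemeral.sharedSecretFromKeyAgreement(with: recipient)
    let key = deriveKey(secret, ephemeralPublicKey: ephPub)
    let box = try AES.GCM.seal(plaintext, using: key, authenticating: ephPub)
    guard let combined = box.combined else { throw CryptoKitError.incorrectParameterSize }
    return EciesEnvelope(ephemeralPublicKey: ephPub, sealed: combined)
}

// Decrypt: the long-term private key redoes ECDH against the stored ephemeral key.
func eciesOpen(_ env: EciesEnvelope, with recipient: P256.KeyAgreement.PrivateKey) throws -> Data {
    let ephPub = try P256.KeyAgreement.PublicKey(x963Representation: env.ephemeralPublicKey)
    let secret = try recipient.sharedSecretFromKeyAgreement(with: ephPub)
    let key = deriveKey(secret, ephemeralPublicKey: env.ephemeralPublicKey)
    let box = try AES.GCM.SealedBox(combined: env.sealed)
    return try AES.GCM.open(box, using: key, authenticating: env.ephemeralPublicKey)
}

// Round trip with a constructed sample secret, then a one-bit tamper that must be rejected.
let recipient = P256.KeyAgreement.PrivateKey()
let sample = Data("constructed-sample-password".utf8)
let env = try eciesSeal(sample, to: recipient.publicKey)
precondition(try eciesOpen(env, with: recipient) == sample)
var tampered = env.sealed
tampered[tampered.index(before: tampered.endIndex)] ^= 0x01
let bad = EciesEnvelope(ephemeralPublicKey: env.ephemeralPublicKey, sealed: tampered)
precondition((try? eciesOpen(bad, with: recipient)) == nil)
```
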
Hardware-backed PasswordTransformer for Android using the Android
Keystore with AES-256-GCM. Prefers StrongBox (API 28+) and falls
back to TEE. Exposes isHardwareBacked property for callers to check
the security level.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel jkmassel force-pushed the add/password-encryption branch from 58196fc to 22fbd5d Compare February 26, 2026 01:19
@jkmassel jkmassel force-pushed the add/wpcom-oauth-login branch 3 times, most recently from 4121579 to c0c5a51 Compare February 26, 2026 02:01
Add OAuth2 configuration discovery during site login, WP.com OAuth
login improvements, and support for WP.com OAuth login for sites
discovered via the self-hosted flow.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel jkmassel force-pushed the add/wpcom-oauth-login branch 3 times, most recently from 68fc01e to 9c77848 Compare February 26, 2026 17:12
Migrate iOS/macOS example app to AccountRepository with
SecureEnclavePasswordTransformer. Add WP.com OAuth login flow
and credential bundle support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel jkmassel force-pushed the add/wpcom-oauth-login branch from 9c77848 to bf781f0 Compare February 26, 2026 18:26
@jkmassel jkmassel force-pushed the add/password-encryption branch from 22fbd5d to 6a0b82d Compare February 28, 2026 00:28

3 participants