Skip to content

feat: Add WordPress.com OAuth support to Android demo app#339

Draft
jkmassel wants to merge 2 commits intotrunkfrom
jkmassel/wordpress-com-support
Draft

feat: Add WordPress.com OAuth support to Android demo app#339
jkmassel wants to merge 2 commits intotrunkfrom
jkmassel/wordpress-com-support

Conversation

@jkmassel
Copy link
Contributor

@jkmassel jkmassel commented Feb 25, 2026

What?

Add WordPress.com OAuth2 authentication support to the Android demo app, alongside the existing Application Passwords flow for self-hosted sites.

Why?

The wordpress-rs library now distinguishes between Application Passwords and OAuth2 authentication mechanisms (via DiscoveredAuthenticationMechanism). This PR adopts that API change so the demo app can connect to both self-hosted WordPress sites and WordPress.com sites.

How?

  • Dependency update: Bump wordpress-rs to the version from PR #1190 and Kotlin to 2.1.21 for compatibility
  • AuthenticationManager rewrite: Branch on success.authentication — launch Application Passwords browser flow for self-hosted, OAuth2 browser flow for WP.com. OAuth credentials loaded from a gitignored JSON asset file
  • AccountRepository migration: Replace ConfigurationStorage (SharedPreferences) with AccountRepository (encrypted, Rust-backed via Android Keystore). Add GutenbergKitApplication for initialization
  • ConfigurationItem update: Add accountId field and fromAccount() factory that handles both Account.SelfHostedSite (Basic auth) and Account.WpCom (Bearer auth)
  • SiteCapabilitiesDiscovery: Use WpLoginClient.apiDiscovery() for all sites. For WP.com, also check rewritten route paths with /sites/{slug}/ inserted after namespace prefix
  • Manifest: Add OAuth callback intent filter (gutenbergkit://wpcom-authorized)

Testing Instructions

  1. Build and install the Android demo app
  2. Self-hosted: Tap "Add WordPress site", enter a self-hosted site URL → Application Passwords flow → verify editor loads
  3. WordPress.com: Copy wp_com_oauth_credentials.json.example to wp_com_oauth_credentials.json in assets, fill in client_id/secret → enter a WP.com site URL (e.g., example.wordpress.com) → OAuth browser flow → verify capabilities show green checks and editor loads
  4. Verify sites persist across app restarts
  5. Long-press a site → delete → verify it's removed

🤖 Generated with Claude Code

@jkmassel jkmassel added the [Type] Enhancement A suggestion for improvement. label Feb 25, 2026
@jkmassel jkmassel force-pushed the jkmassel/wordpress-com-support branch from 5eeb6cc to 0b13e7f Compare February 25, 2026 21:12
@jkmassel jkmassel force-pushed the jkmassel/wordpress-com-support branch from 0b13e7f to 8681b6b Compare February 25, 2026 21:56
Support both self-hosted (Application Passwords) and WordPress.com
(OAuth2) authentication in the Android demo app by adopting the new
wordpress-rs authentication API.

Key changes:
- Update wordpress-rs to version with OAuth2 support
- Rewrite AuthenticationManager to branch on DiscoveredAuthenticationMechanism
- Migrate site persistence from SharedPreferences to encrypted AccountRepository
- Add GutenbergKitApplication for AccountRepository initialization
- Update SiteCapabilitiesDiscovery to use autodiscovery with WP.com route handling
- Add OAuth callback intent filter and credentials template

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel jkmassel force-pushed the jkmassel/wordpress-com-support branch from 8681b6b to 6bc5e33 Compare February 25, 2026 22:36
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

[Type] Enhancement A suggestion for improvement.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant