A Micropub server plugin. Available in the WordPress plugin directory at wordpress.org/plugins/micropub.
Micropub is an open API standard that is used to create posts on one's own domain using third-party clients. Web apps and native apps (e.g. iPhone, Android) can use Micropub to post short notes, photos, events or other posts to your own site, similar to a Twitter client posting to Twitter.com.
Once you've installed and activated the plugin, try using Quill to create a new post on your site. It walks you through the steps and helps you troubleshoot if you run into any problems. After that, try other clients like OwnYourGram, OwnYourCheckin, MobilePub, and Teacup.
Supports the full W3C Micropub CR spec as of 2016-10-18, except for the optional media endpoint. Media may be uploaded directly to the wordpress-micropub endpoint as multipart/form-data, or sideloaded from URLs.
This project is placed in the public domain. You may also use it under the CC0 license.
Supports the following scope parameters requested by Micropub clients.
- post (legacy) - Grants all user delegated access
- create - Allows the client to create posts on behalf of the user
- update - Allows the client to update posts on behalf of the user
- delete - Allows the client to delete posts on behalf of the user
- indelete - Allows the client to undelete posts on behalf of the user
Does not currently support the 'media' scope due lack of adoption by clients. At this time, create or update grants permission for file uploads.
Adds four filters:
before_micropub( $input )
Called before handling a Micropub request. Returns $input, possibly modified.
micropub_post_content( $post_content, $input )
Called during the handling of a Micropub request. The content generation function is attached to this filter by default. Returns $post_content, possibly modified.
micropub_syndicate-to( $synd_urls, $user_id )
Called to generate the list of syndicate-to targets to return in response to a query. Returns $synd_urls, an array, possibly modified.
micropub_query( $resp, $input )
$resp defaults to null. If the return value is non-null, it should be an associative array that is encoded as JSON and will be returned in place of the normal micropub response.
...and two hooks:
after_micropub( $input, $wp_args = null)
Called after handling a Micropub request. Not called if the request fails (ie doesn't return HTTP 2xx).
micropub_syndication( $ID, $syndicate_to )
Called only if there are syndication targets $syndicate_to for post $ID. $syndicate_to will be an array of UIDs that are verified as one or more of the UIDs added using the micropub_syndicate-to filter.
Arguments:
$input: associative array, the Micropub request in JSON format. If the request was form-encoded or a multipart file upload, it's converted to JSON format.$wp_args: optional associative array. For creates and updates, this is the arguments passed towp_insert_postorwp_update_post. For deletes and undeletes,args['ID']contains the post id to be (un)deleted. Null for queries.
Stores microformats2 properties in post metadata with keys prefixed by mf2_. Details here. All values are arrays; use unserialize() to deserialize them.
Does not support multithreading. PHP doesn't really either, so it generally won't matter, but just for the record.
Supports Experimental Properties for Post Status and Visibility. Visibility can be either
public or private. Setting it to private will set the post status to private. Post Status may be set to either published or draft. If visibility or post status are not set to one of these
options, the plugin will return HTTP 400 with body:
{
"error": "invalid_request",
"error_description": "Invalid Post Status"
}
WordPress has a whitelist of file extensions that it allows in uploads. If you upload a file in a Micropub extension that doesn't have an allowed extension, the plugin will return HTTP 400 with body:
{
"error": "invalid request",
"error_description": "Sorry, this file is not permitted for security reasons."
}
Supports the full OAuth2/IndieAuth authentication and authorization flow. Defaults to IndieAuth. Custom auth and token endpoints can be used by overriding the MICROPUB_AUTHENTICATION_ENDPOINT and MICROPUB_TOKEN_ENDPOINT endpoints or by setting the options indieauth_authorization_endpoint and indieauth_token_endpoint which are also set by the IndieAuth Plugin.
If the token's me value matches a WordPress user's URL, that user will be used. Otherwise, the token must match the site's URL, and no user will be used.
Alternatively, you can set MICROPUB_LOCAL_AUTH to 1 to disable the plugin's authorization function, for example if you want authorization to be done by WordPress or another plugin. It will also
be disabled if the IndieAuth plugin is installed.
Finally, for ease of development, if the WordPress site is running on localhost, it logs a warning if the access token is missing or invalid and still allows the request.
Install from the WordPress plugin directory or put micropub.php in your plugin directory. No setup needed.
These configuration options can be enabled by adding them to your wp-config.php
define('MICROPUB_LOCAL_AUTH', '1')- Disable this plugins built-in authentication.define('MICROPUB_AUTHENTICATION_ENDPOINT', 'https://indieauth.com/auth')- Define a custom authentication endpoint.define('MICROPUB_TOKEN_ENDPOINT', 'https://tokens.indieauth.com/token')- Define a custom token endpoint
These configuration options can be enabled by setting them in the WordPress options table or will appear under General if you install the IndieAuth plugin.
indieauth_authorization_endpoint- if set will override MICROPUB_AUTHENTICATION_ENDPOINT for setting a custom endpointindieauth_token_endpoint- if set will override MICROPUB_TOKEN_ENDPOINT for setting a custom endpointmicropub_default_post_status- if set, Micropub posts will be set to this status by default( publish, draft, or private ). Can also be set in the Writing settings.
If your Micropub client includes an Authorization HTTP request header but you still get an HTTP 401 response with body missing access token, your server may be stripping the Authorization header. If you're on Apache, try adding this line to your .htaccess file:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
If that doesn't work, try this line:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
If that doesn't work either, you may need to ask your hosting provider to whitelist the Authorization header for your account. If they refuse, you can pass it through Apache with an alternate name, but you'll need to edit this plugin's code to read from that alternate name.
None yet.
None.
The canonical repo is http://github.com/snarfed/wordpress-micropub . Feedback and pull requests are welcome!
To add a new release to the WordPress plugin directory, run push.sh.
To set up your local environment to run the unit tests:
-
Install PHPUnit, e.g.
brew install homebrew/php/wp-cli phpunitwith Homebrew on Mac OS X. -
Install and start MySQL. (You may already have it.)
-
Run
./bin/install-wp-tests.sh wordpress_micropub_test root '' localhostto download WordPress and its unit test library, into/tmpand./tempby default, and create a MySQL db to test against. Background here. Feel free to use a MySQL user other thanroot. You can set theWP_CORE_DIRandWP_TESTS_DIRenvironment variables to change where WordPress and its test library are installed. For example, I put them both in the repo dir. -
Open
wordpress-tests-lib/wp-tests-config.phpand add a slash to the end of the ABSPATH value. No clue why it leaves off the slash; it doesn't work without it. -
Run
phpunitin the repo root dir. If you setWP_CORE_DIRandWP_TESTS_DIRabove, you'll need to set them for this too. You should see output like this:Installing... ... 1 / 1 (100%) Time: 703 ms, Memory: 33.75Mb OK (1 test, 3 assertions)
To set up PHPCodesniffer to test adherence to WordPress Coding Standards and PHP 5.3 Compatibility:
- Install Composer.
- Run
composer installwhich will install all dependencies for PHP Codesniffer and the standards required - To list coding standard issues in a file, run
phpcs --standard=phpcs.xml - If you want to try to automatically fix issues, run
phpcbfwith the same arguments asphpcs.
To automatically convert the readme.txt file to readme.md, you may, if you have installed composer as noted in the previous section, enter composer update-readme to have the .txt file converted
into markdown and saved to readme.md.
- Change scopes to filter
- Get token response when IndieAuth plugin is installed
- Enforce scopes
- Version bump due some individuals not getting template file
- Separate functions that generate headers into micropub and IndieAuth
- Add support for an option now used by the IndieAuth plugin to set alternate token and authorization endpoints
- MICROPUB_LOCAL_AUTH configuration option adjusted to reflect that this disables the plugin built in authentication. This can hand it back to WordPress or allow another plugin to take over
- MICROPUB_LOCAL_AUTH now disables adding auth headers to the page.
- Fix post status issue by checking for valid defaults
- Add configuration option under writing settings to set default post status
- Add
micropub_syndicationhook that only fires on a request to syndicate to make it easier for third-party plugins to hook in
- Saves access token response in a post meta field
micropub_auth_response. - Bug fix for
post_date_gmt - Store timezone from published in arguments passed to micropub filter
- Correctly handle published times that are in a different timezone than the site.
- Set minimum version to PHP 5.3
- Adhere to WordPress Coding Standards
- Add
micropub_queryfilter - Support Nested Properties in Content Generation
- Deprecate
MICROPUB_DRAFT_MODEconfiguration option in favor of setting option - Remove post content generation override in case of microformats2 capable theme or Post Kinds plugin installed
- Introduce
micropub_post_contentfilter to which post content generation is attached so that a theme or plugin can modify/remove the post generation as needed
- Support OwnYourSwarm's custom
checkinmicroformats2 property, including auto-generating content if necessary. - Support
u-bookmark-of.
- Support
h-adr,h-geo, and plain text values forp-location. - Bug fix for create/update with
content[html].
- Remove accidental dependence on PHP 5.3 (#46).
Substantial update. Supports full W3C Micropub spec, except for optional media endpoint.
- Change
mf2_*post meta format from multiple separate values to single array value that can be deserialized withunserialize. - Change the
before_micropubfilter's signature from( $wp_args )to( $input )(microformats2 associative array). - Change the
after_micropubhook's signature changed from( $post_id )to( $input, $wp_args )(microformats2 associative array, WordPress post args). - Post content will not be automatically marked up if theme supports microformats2 or Post Kinds plugin is enabled.
- Add PHP Codesniffer File.
- Store all properties in post meta except those in a blacklist.
- Support setting authentication and token endpoint in wp-config by setting
MICROPUB_AUTHENTICATION_ENDPOINTandMICROPUB_TOKEN_ENDPOINT. - Support setting all micropub posts to draft in wp-config for testing by setting
MICROPUB_DRAFT_MODEin wp-config. - Support using local auth to authenticate as opposed to IndieAuth as by setting
MICROPUB_LOCAL_AUTHin wp-config. - Set content to summary if no content provided.
- Support querying for syndicate-to and future query options.
- Use the specific WordPress user whose URL matches the access token, if possible.
- Set
post_date_gmtas well aspost_date.
- Support more Micropub properties:
photo,like-of,repost-of,in-reply-to,rsvp,location,category,h=event. - Check but don't require access tokens on localhost.
- Better error handling.
Initial release.