Add support for application passwords

[spacedmonkey]

Feature Request

• Yes, I reviewed the contribution guidelines.

Describe your use case and the problem you are facing

Application passwords as a REST API authentication as added back in WordPress 5.6. This allow for authenticated requests by passing username and application password. It would be great if RESTful command fully support this.

Currently it is possible to use application password by passing username and password in the command like this.

wp rest --http=http://admin:"X9yS 9YYn pbaU 5H8A kJNO DEfe"@www.example.com post create --content=wibble --title=wibble

However, this is not espcially secure. As the password is written in plan text in the command.

Describe the solution you'd like

There are a number of ways this could be implemented,

• New paramters.

wp rest --http=https://www.example.com --application_user=admin --application_password=password

• Use envoriment variables
  Username and password could be read in via envoriment variables.

• Via wp-cli.yml
  Username and password could be read in via wp-cli.yml

It would also be nice, if this command supported, application registion as well. But this is a nice to have.

[danielbachhuber]

I'm open to a PR on this, and I don't have a strong opinion on the implementation at this point. I'd look at authentication for other CLI tools for inspiration.

Feel free to submit a pull request, if you'd like. Here is some guidance on our pull request best practices.