Keyring 3.0

Well it’s been a while, but I’ve just pushed a 3.0 release of Keyring.

Keyring is a generalized framework for WordPress which handles authentication with, and authenticated requests to remote services. It provides a set of predefined “Services” which describe how to communicate with a collection of popular platforms, and also makes it easy for you to plug into that framework and define your own Services for other systems.

This version includes a bunch of improvements and compatibility updates, including all sorts of contributions from other folks. There are a lot of fixes and tweaks that have come back into the project as part of it being used on, and as part of the hiring process at Automattic.

Here’s the full changelog:

  • CHANGE: Default branch has been renamed to trunk to match WordPress projects. Update your refs.
  • Enhancement: BREAKING: Removed delicious service (they have shut down completely). Props @sanmai.
  • Enhancement: BREAKING: LinkedIn now uses OAuth2. Props @glendaviesnz.
  • Enhancement: fetch_profile_picture method added to Twitter service. Props @glendaviesnz.
  • Enhancement: Added a GitHub Service definition, props @alperakgun.
  • Enhancement: Added a Google Drive Service definition, props @scruffian.
  • Enhancement: Trim spaces off API keys etc to avoid mistakes when copy/pasting. Props @kbrown9.
  • Enhancement: Allow all 2xx response codes to be considered “Success” for all requests, for all protocols. Props @bgrgicak for the proposal.
  • Enhancement: Add translator comments. Props @scruffian.
  • Enhancement: Define the self endpoint for Tumblr, and add helper methods to retrieve user info. Props @glendaviesnz.
  • Enhancement: Add a keyring_{service}_request_scope filter for OAuth2 services, matching the existing filter for OAuth1 services. Props @glendaviesnz.
  • Enhancement: Add a 'full_response' param to Keyring_Service_OAuth2::request(), which will cause the method to return the full HTTP response object. Props @glendaviesnz.
  • Enhancement: Some services (looking at you, Strava) seem to double-encode redirect URIs, resulting in “corrupted” parameter names. Added a method to clean that up.
  • Bugfix: Make the Google services always request a refresh token for offline access. Props @kbrown9 and @atrniv for input.
  • Bugfix: Update Strava to use refresh tokens and offline access, per their new API requirements. Props @mdrovdahl for pointing it out.
  • Bugfix: Update use of add_submenu_page() to comply with WP 5.3. Props @jhwwp ( for the fix.
  • Bugfix: Apply the keyring_access_token filter consistently in Google Services. Props @pablinos.
  • Bugfix: Use static “Cancel” URIs in UIs. Props @pgl.
  • Bugfix: Remove some code from Eventbrite.
  • Bugfix: Ensure that PUT requests have a Content-Length header set. Props @glendaviesnz.
  • Bugfix: Compatibility with more recent versions of PHP7, and PHP8.
  • Bugfix: Apply keyring_access_token filter properly in Instapaper.
  • Bugfix: Remove redunant is_service check (enforced via method call signature). Props @sanmai.
  • Bugfix: Remove hover event on action links in Service listing UI.