Update class-indieauth-authorize.php

[janboddez]

Even though the default value for $error is null, we should probably not make assumptions about expected return values. By returning $error rather than a hardcoded null, we respect other plugins' possible changes.

Jetpack, for instance, calls this filter like so (i.e., with $error equal to true): https://github.com/Automattic/jetpack/blob/e29cee2d08516e93486e4dcd0b102244e7609ed4/projects/plugins/jetpack/_inc/lib/admin-pages/class.jetpack-admin-page.php#L190-L195. May be weird, but if we then return null, things break.

[janboddez]

Oh, forgot to mention that this should fix #265.

[janboddez]

May be weird, but if we then return null, things break.

Turns out true is actually valid ... (https://developer.wordpress.org/reference/hooks/rest_authentication_errors/). Either way, probably safest to just allow other plugins to do their thing and just return whatever value we were passed (or an error, of course)!

[pfefferle]

👍

[janboddez]

Made a few more changes.

Just one, actually, the rest was updating the PHPDoc.

Anyway, so, I was wondering. If the $error arg is in fact non-empty (because the filter was called, like Jetpack does, with true as its first argument), should we always simply return it?

Maybe it's equally "safe" to still allow IndieAuth to return any error it encountered? Or rather, if this isn't an "IndieAuth request," no error would get set anyway (at least, that's what I'm assuming), and as a result the $error arg would be returned unchanged regardless. If that's the case, there's no need for the "empty" check. (I think?)

[dshanske]

Looks good to me.