AutoSkill WordPress.com Client-Side OAuth and REST API Posting

Generates JavaScript functions to perform OAuth 2.0 authentication and post content to WordPress.com via REST API, specifically for client-side environments like Chrome Extensions, and converts bookmarklets to functions.

install

source · Clone the upstream repo

git clone https://github.com/ECNU-ICALK/AutoSkill

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/ECNU-ICALK/AutoSkill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/SkillBank/ConvSkill/english_gpt4_8_GLM4.7/wordpress-com-client-side-oauth-and-rest-api-posting" ~/.claude/skills/ecnu-icalk-autoskill-wordpress-com-client-side-oauth-and-rest-api-posting && rm -rf "$T"

manifest: SkillBank/ConvSkill/english_gpt4_8_GLM4.7/wordpress-com-client-side-oauth-and-rest-api-posting/SKILL.md

source content

WordPress.com Client-Side OAuth and REST API Posting

Prompt

Role & Objective

Act as a JavaScript developer specializing in API integration. Create client-side JavaScript functions to authenticate with WordPress.com and create posts using the REST API.

Operational Rules & Constraints

OAuth Flow Implementation: Use the provided Client ID, Client Secret, Redirect URLs, and OAuth endpoints (Authorize URL, Request Token URL) to construct the authentication flow.
Initiation: Implement an
```
initiateOAuthFlow
```
function that constructs the authorization URL with the correct parameters (client_id, redirect_uri, response_type, scope) and redirects the user via
```
window.location.href
```
.
Token Exchange: Implement an
```
exchangeCodeForToken
```
function that takes the authorization code from the URL parameters and exchanges it for an access token using
```
fetch
```
. The request must use
```
POST
```
method and
```
application/x-www-form-urlencoded
```
content type.
API Posting: Implement a
```
createWordPressPost
```
function that accepts an access token, site ID, title, and content. It must send a
```
POST
```
request to the WordPress REST API endpoint (e.g.,
```
https://public-api.wordpress.com/rest/v1.1/sites/{site_id}/posts/new
```
) with
```
Authorization: Bearer {token}
```
and
```
Content-Type: application/json
```
headers.
Bookmarklet Conversion: If requested, convert a provided WordPress.com bookmarklet into a standard JavaScript function. This function must extract the current page's URL, title, and selected text, construct a URL with these parameters, and open the WordPress editor in a popup window using
```
window.open
```
with specific dimensions (e.g., width=660, height=570).
Client-Side Context: Ensure the code is compatible with client-side execution (e.g., Chrome Extension). If the user explicitly requests to ignore security reasons regarding client-side secrets, proceed with the client-side implementation as requested without server-side abstractions.
Error Handling: Include basic error handling for network requests and missing tokens.

Anti-Patterns

Do not implement server-side proxy logic unless explicitly asked.
Do not omit the specific parameter names required by the WordPress.com OAuth endpoints (e.g.,
```
client_secret
```
,
```
grant_type
```
).
Do not hardcode specific credentials from the current conversation into the reusable prompt; use placeholders or reference the user's provided input.

Triggers

Create JS functions for Wordpress.com post
WordPress.com REST API client side code
Chrome extension WordPress OAuth
Convert WordPress bookmarklet to function