After you've created a client, you can use the client to implement a login flow for your site or app's members. This allows members to access their personal content. The simplest way to create a login flow is to use a Wix-managed login page.
If you to prefer to create a custom login page, see Handle Members with a Custom Login Page. Or if you prefer to provide a login flow managed with an external identity provider, see Handle Members with Externally-Managed Login.
When using a Wix-managed login page, the login flow is as follows:
You can also log a site member out of your site from any page.
To implement a login request, take the following steps:
Use the generateOAuthData() function to generate an OAuth data object for the login.
The function takes two parameters:
redirectUri must be an allowed authorization redirect URI.The function returns an object containing:
codeVerifier to use for PKCE authentication.Example return value:
Store the OAuth data returned by generateOAuthData() locally. For example, you can store the data in localStorage or a cookie. You need to use this data when users are redirected back to your site or app from the Wix-managed login page.
Use the getAuthUrl() function to get a login URL for the site member.
The function takes the object returned by generateOAuthData() as an argument. It returns a promise that resolves to an object containing a login URL for the site member.
Example return object:
Redirect site members to the login URL returned by getAuthUrl(). For example:
Once you redirect site members to the Wix-managed login page, Wix takes over from there. Members log in on the Wix-managed page and Wix redirects them back to your site or app with information that you can use to verify the login was successful and use to generate member tokens to be used with a client for API calls.
After Wix redirects logged in members to your site or app, you need to verify the login was successful, generate member tokens, and then use those tokens with a client to make API calls on behalf of the members.
Get the OAuth data that you stored locally when the login request was made.
If the login was successful, the callback URL contains a fragment that includes code= and state=. If the login failed, the URL contains a fragment that includes error= and error_description=.
Use the parseFromUrl() function to get the fragment data from the current URL:
If the function returns an error code and message, handle it accordingly. For example, you might want to display the error description using an alert:
Use the getMemberTokens() function to get the logged-in member's access and refresh tokens.
The function takes the following parameters:
The function returns an object containing the site member's access token and refresh token.
Example return object:
Use the setTokens() function to set the site member's tokens as the active tokens for the client.
Once tokens are set, every call made by your client uses these tokens. This means that the site member's data is preserved and associated with their account.
To log a site member out:
Use the logout() function to get a Wix-managed logout URL.
The function takes the URL that the site member is redirected to after logging out. It returns a promise that resolves to an object containing the logout URL.
Redirect the browser to the logoutUrl to log the site member out. The browser is automatically redirected back to the originalUrl that you passed to the logout() function.