Let members sign in with an identity provider such as Google or Facebook. You add a login interface, like a Sign in with Google button, to your own site whose handler starts the login flow with the provider you choose.
Wix runs the authentication flow, so you don't need to build a login page, manage the provider's OAuth flow, or use an API key. The member simply signs in with their existing account.
Before starting to code, make sure that you:
This is the recommended approach for most sites: the member clicks a provider button in your own UI and goes directly to that provider, with no Wix login page in between.
The flow is the same as a Wix login page, except that you add an idp field to the authorization request, set to the provider's connection ID. Use the following connection IDs:
| Provider | Connection ID |
|---|---|
0e6a50f5-b523-4e29-990d-f37fa2ffdd69 | |
3ecad13f-52c3-483d-911f-31dbcf2a6d23 |
Note: Custom OpenID Connect (OIDC) connections, such as your own single sign-on (SSO) provider, are a premium feature and aren't available to all sites. If your site has it, you'll see SSO settings in your dashboard, where you can configure a connection and get its ID. To sign members in through such a connection, set idp to that connection's ID. Wix still runs the flow.
Before starting the login, prepare the following:
Store the code verifier, code challenge, and state so they're available on your callback page.
In the handler for your Sign in with Google button, call Create Redirect Session with the security data, plus an idp field set to the provider's connection ID. Authorize the request with the current visitor's access token.
The response includes a fullUrl that sends the member to the provider.
Redirect the member to the fullUrl from the response. Wix sends them straight to the provider's sign-in page. After they authenticate, Wix redirects them back to your redirect URI with code and state in the URL fragment.
On your callback page, confirm the returned state matches the value you stored, then exchange the code for member tokens by calling Retrieve Tokens:
The response includes an access_token, a refresh_token, and expires_in. Use the tokens to make authenticated API calls as the member. To refresh tokens or log the member out, see Handle Members with a Wix Login Page.
Note: You can also send members to the Wix login page, where each available provider appears as a button alongside email login and members choose how to sign in. To do so, follow the standard Wix login page flow without an idp field.
Last updated: 15 July 2026