The auth submodule allows you to work with Wix authentication and permissions.
This submodule is not intended for use with self-hosted Apps.
```typescript
import { auth } from "@wix/essentials";
```
elevate()
Creates a copy of a method with the elevated permissions required by the original method.
Some methods are restricted as to who can call them, based on identities and/or permissions. For example, the createProduct() method can only be called by Wix users, while the confirmBooking() method can only be called by site collaborators who have certain administrative bookings permissions.
Methods that have authentication restrictions are indicated by an authentication note in their descriptions.
When you need to call a method from a context without the necessary authentication or permissions, create an elevated version of the method and call that elevated method instead.
Due to potential security issues, the elevate() method can only be called in the backend.
Learn more about elevation when:
elevate()
in backend code that can be triggered from the frontend and in code that is exposed as an API to outside callers.
```typescript
function elevate(sourceFunction: Function): Function;
```
Name | Type | Description |
---|---|---|
sourceFunction | function | SDK function to elevate. |
An SDK function that runs with elevated permissions.
Create a new product with elevated permissions:
```typescript
import { auth } from "@wix/essentials";
import { products } from "@wix/stores";

const newProduct = {
  // Add product details.
};

// Create a copy of createProduct() that runs with elevated permissions.
const elevatedCreateProduct = auth.elevate(products.createProduct);
const createdProduct = await elevatedCreateProduct(newProduct);
```
getTokenInfo()
Returns the information encoded in the currently active token in backend extensions.
When developing backend extensions for an app or web methods, you might need to access information about the session making the request to your backend.
This information is encoded in the token sent with the request, and can be accessed using getTokenInfo(). It can include the user ID, the site ID, the instance ID, and more.
```typescript
function getTokenInfo(): Promise<{
  active: boolean;
  subjectType: 'APP' | 'USER' | 'MEMBER' | 'VISITOR' | 'UNKNOWN';
  subjectId: string;
  exp: number;
  iat: number;
  clientId?: string;
  siteId: string;
  instanceId?: string;
}>;
```
A promise that resolves to the token info.
Code for extracting information from a request to a backend extension in a Wix CLI project:
```typescript
import { auth } from "@wix/essentials";

export async function GET(req: Request) {
  // Identify the caller from the token sent with the request.
  const tokenInfo = await auth.getTokenInfo();

  if (tokenInfo.subjectType === "USER") {
    return new Response(`Hello user ${tokenInfo.subjectId}`);
  } else if (tokenInfo.subjectType === "APP") {
    return new Response("Hello app");
  } else if (tokenInfo.subjectType === "MEMBER") {
    return new Response(`Hello member ${tokenInfo.subjectId}`);
  } else {
    return new Response(`Hello visitor ${tokenInfo.subjectId}`);
  }
}
```
Code for extracting information from a request to a web method:
```typescript
import { auth } from "@wix/essentials";
import { Permissions, webMethod } from "wix-web-module";

export const sayHello = webMethod(Permissions.Anyone, async () => {
  // Identify the caller from the token sent with the request.
  const tokenInfo = await auth.getTokenInfo();

  if (tokenInfo.subjectType === "USER") {
    return `Hello user ${tokenInfo.subjectId}`;
  } else if (tokenInfo.subjectType === "APP") {
    return "Hello app";
  } else if (tokenInfo.subjectType === "MEMBER") {
    return `Hello member ${tokenInfo.subjectId}`;
  } else {
    return `Hello visitor ${tokenInfo.subjectId}`;
  }
});
```
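The elevate() section singles out backend code that can be triggered from the frontend or is exposed as an API to outside callers; one way to handle that is to check the caller with getTokenInfo() before any elevated call runs. The following is an added example, not Wix's own code: `CallerPolicy`, `denyReason` and `guardElevated` are hypothetical names, and the two Wix calls are passed in as parameters so the block runs without the SDK.

```typescript
// Added example. TokenInfo mirrors the getTokenInfo() return type shown on this page.
type SubjectType = "APP" | "USER" | "MEMBER" | "VISITOR" | "UNKNOWN";
interface TokenInfo {
  active: boolean;
  subjectType: SubjectType;
  subjectId: string;
  exp: number;
  iat: number;
  clientId?: string;
  siteId: string;
  instanceId?: string;
}

// Hypothetical policy: which callers may reach the elevated method.
interface CallerPolicy {
  allowedSubjects: SubjectType[];
  siteId?: string; // when set, the token must belong to this site
}

// Returns a denial reason, or null when the caller may proceed.
function denyReason(token: TokenInfo, policy: CallerPolicy): string | null {
  if (!token.active) return "inactive token";
  if (policy.allowedSubjects.indexOf(token.subjectType) === -1) {
    return `subject type ${token.subjectType} not allowed`;
  }
  if (!token.subjectId) return "missing subject id";
  if (policy.siteId !== undefined && token.siteId !== policy.siteId) {
    return "token issued for a different site";
  }
  return null;
}

// Wraps an already-elevated function so the identity check always runs first.
// In a Wix backend the first two arguments would be auth.getTokenInfo and
// auth.elevate(someSdkMethod); here they are injected (assumption for testability).
function guardElevated<A extends unknown[], R>(
  getTokenInfo: () => Promise<TokenInfo>,
  elevatedFn: (...args: A) => Promise<R>,
  policy: CallerPolicy,
): (...args: A) => Promise<R> {
  return async (...args: A): Promise<R> => {
    const reason = denyReason(await getTokenInfo(), policy);
    if (reason !== null) throw new Error(`Forbidden: ${reason}`);
    return elevatedFn(...args); // reached only for callers the policy allows
  };
}
```

Export only the guarded wrapper from the backend module, so no code path reaches the elevated function without passing the check.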