OAuthStrategy
Important: This strategy is intended for use with Wix Headless.
This authentication strategy is used with a Wix Client to authenticate API calls using OAuth tokens.
When using this authentication strategy for an API request, the requester's identity is that of the corresponding visitor or member, and permissions are determined by their assigned roles. For more information, see Handle Visitors, Handle Members with Wix-Managed Login, or Handle Members with Custom Login.
OAuthStrategy()
Creates an authentication strategy object that uses OAuth for visitor or member authentication.
Syntax
OAuthStrategy({clientId: string, tokens: Tokens, siteId: string}): OAuthStrategy
Parameters
Name | Type | Description |
---|---|---|
clientId | string | The Wix Headless client ID. |
tokens | Tokens | Optional. The access and refresh tokens to use for authentication. |
Returns
OAuthStrategy
Functions
generateOAuthData()
Generates an object with all the data needed for an OAuth flow.
The generateOAuthData() function creates OAuth data. You can use the generated data when sending visitors to a Wix-managed login page. Typically, you generate the OAuth data on the page that requests the login. The returned data is stored locally to be used later on the login callback page. To learn more, see Handle Members with Wix-Managed Login.
Syntax
generateOAuthData(redirectUri: string, originalUrl?: string): OauthData
Parameters
Name | Type | Description |
---|---|---|
redirectUri | string | The URI to redirect to after authentication is complete. |
[originalUrl] | string | The URL of the page where the authentication request originated from. This can be used to redirect back from the callback page. |
Returns
OauthData
Name | Type | Description |
---|---|---|
state | string | A randomized string to be used in the OAuth flow. |
redirectUri | string | The URI to redirect to after authentication is complete. |
originalUrl | string | The URL of the page where the authentication request originated from. This can be used to redirect back from the callback page if there is an authentication error. |
codeVerifier | string | A randomized string to use for PKCE authentication. |
codeChallenge | string | A SHA256 hash of codeVerifier to use for PKCE authentication. |
generateVisitorTokens()
Generates visitor access and refresh tokens. Use this function when creating a session for visitors using the OAuth authentication strategy.
To generate new tokens without checking whether the current access token is valid, use the renewToken() function instead.
Syntax
generateVisitorTokens(): Promise<Tokens>
Returns
getAuthHeaders()
Gets the client's authorization headers.
Syntax
getAuthHeaders(): Promise<{ headers: Record<string, string> }>
Returns
Authorization headers
getAuthUrl()
Gets a URL to use for Wix authentication.
Use this function when using Wix-managed login for members and the OAuth authentication strategy.
Call this function using the OAuthData returned from the generateOAuthData() function. The returned URL is used to redirect a visitor to Wix's authentication page. After authenticating, the visitor will be redirected to the redirectUri specified in the oauthData. After the redirect, the authorization code and the state parameter from the oauthData are available as fragments appended to the redirectUri and can be parsed using the parseFromUrl() function.
Syntax
getAuthUrl(oauthData: OauthData): Promise<{ authUrl: string }>
Parameters
Name | Type | Description |
---|---|---|
oauthData | OauthData | OAuth data generated by the generateOAuthData() function. |
Returns
Name | Type | Description |
---|---|---|
authUrl | string | URL to redirect the browser to for Wix authentication. |
getMemberTokens()
Retrieves and authenticates a site member's access and refresh tokens.
Use this function when using Wix-managed login for members and the OAuth authentication strategy.
Typically, you call the getMemberTokens() function on a login callback page after sending a visitor to authenticate on a Wix-managed login page. Use the OAuthData stored locally after calling the generateOAuthData() function and the information in the callback URL retrieved using the parseFromUrl() function as the function arguments. To learn more, see Handle Members with Wix-Managed Login.
Syntax
getMemberTokens(code: string, state: string, oauthData: OauthData): Tokens
Parameters
Name | Type | Description |
---|---|---|
code | string | The authorization code appended to the callback page URI by the Wix server. Can be retrieved using the parseFromUrl() function. |
state | string | The state parameter value appended to the callback page URI by the Wix server. Can be retrieved using the parseFromUrl() function. |
oauthData | OauthData | OAuth data generated by the generateOAuthData() function. |
Returns
getMemberTokensForDirectLogin()
Retrieves and authenticates a site member's access and refresh tokens from a session token.
Use this function when using a custom login for members and the OAuth authentication strategy.
The getMemberTokensForDirectLogin() function takes a session token returned from a successful call to the login(), register(), or processVerification() functions. Use the session token to retrieve access and refresh tokens for the logged-in member and then call the setTokens() function to set the tokens as the client's active tokens.
The getMemberTokensForDirectLogin() function is used to get member tokens when using a custom login flow. To learn more, see Handle Members with Custom Login.
Syntax
getMemberTokensForDirectLogin(sessionToken: string): Tokens
Parameters
Name | Type | Description |
---|---|---|
sessionToken | string | The session token returned by a successful call to login(), register(), or processVerification(). |
Returns
getTokens()
Gets the active tokens from the client.
Use this function when using the OAuth authentication strategy.
Syntax
getTokens(): Tokens
Returns
loggedIn()
Indicates whether the current visitor is a logged-in member.
Use this function when using the OAuth authentication strategy.
Syntax
loggedIn(): boolean
Returns
Whether the current visitor is logged in.
login()
Logs in an existing member using an email address and password.
Use this function when using a custom login for members and the OAuth authentication strategy.
The login() function is used to log members in when using a custom login flow. To learn more, see Handle Members with Custom Login.
Syntax
login({email: string, password: string, captchaTokens?: { invisibleRecaptchaToken?: string; recaptchaToken?: string }}): Promise<StateMachine>
Parameters
LoginParams
Name | Type | Description |
---|---|---|
email | string | Member's email address |
password | string | Member's password |
[captchaTokens] | CaptchaTokens | reCAPTCHA tokens |
Returns
logout()
Logs out the current logged-in site member.
Use this function when using the OAuth authentication strategy.
Syntax
logout(originalUrl: string): Promise<{logoutUrl: string}>
Parameters
Name | Type | Description |
---|---|---|
originalUrl | string | The URL of the page where the logout request originated from. The browser is redirected to this page after logging out. |
Returns
Name | Type | Description |
---|---|---|
logoutUrl | string | URL to redirect the browser to in order to initiate the logout. |
parseFromUrl()
Parses the code and state fragments from the browser's current URL and returns them as an object.
Use this function when using Wix-managed login for members and the OAuth authentication strategy.
Typically, you call the parseFromUrl() function on a login callback page after sending a visitor to authenticate on a Wix-managed login page. Use the returned data to check that the authentication was successful and as arguments when calling the getMemberTokens() function. To learn more, see Handle Members with Wix-Managed Login.
Syntax
parseFromUrl(): { code: string, state: string, error?: string, errorDescription?: string }
Returns
Name | Type | Description |
---|---|---|
code | string | The authorization code appended to the callback page URI by the Wix server. |
state | string | The state parameter value appended to the callback page URI by the Wix server. |
[error] | string | Error, if one occurs. |
[errorDescription] | string | Error description, if one occurs. |
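The Wix-managed login round trip described under generateOAuthData(), getAuthUrl(), getMemberTokens() and parseFromUrl(), as an added example that is not part of the SDK or its documentation. It assumes `auth` exposes those functions as documented on this page and `storage` behaves like the browser's sessionStorage; the function names and storage key are hypothetical.

```javascript
// Added example, not Wix SDK code. Names below are hypothetical.
const OAUTH_KEY = 'oauthRedirectData'; // storage key chosen for this example

// Login page: generate the OAuth data, keep it locally, return the Wix login URL.
async function startLogin(auth, storage, redirectUri, originalUrl) {
  const oauthData = auth.generateOAuthData(redirectUri, originalUrl);
  storage.setItem(OAUTH_KEY, JSON.stringify(oauthData));
  const { authUrl } = await auth.getAuthUrl(oauthData);
  return authUrl;
}

// Callback page: validate the response before exchanging the code for tokens.
async function finishLogin(auth, storage) {
  const raw = storage.getItem(OAUTH_KEY);
  storage.removeItem(OAUTH_KEY); // single use: a replayed callback finds nothing
  if (!raw) {
    // This browser never started a login, so the callback is not ours to accept.
    return { ok: false, reason: 'no_pending_login', redirectTo: '/' };
  }
  const oauthData = JSON.parse(raw);
  const redirectTo = oauthData.originalUrl || '/';

  const { code, state, error, errorDescription } = auth.parseFromUrl();
  if (error) {
    return { ok: false, reason: error, detail: errorDescription, redirectTo };
  }
  // The state echoed in the URL must be the one generated for this attempt;
  // otherwise the response does not belong to the request this browser sent.
  if (!code || state !== oauthData.state) {
    return { ok: false, reason: 'state_mismatch', redirectTo };
  }
  const tokens = await auth.getMemberTokens(code, state, oauthData);
  auth.setTokens(tokens);
  return { ok: true, redirectTo };
}
```

The redirect target after the callback comes from the locally stored originalUrl, never from the callback URL itself.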
processVerification()
Processes the verification code from a member.
Use this function when using a custom login for members and the OAuth authentication strategy.
The processVerification() function continues the custom member login process when a member is required to provide a verification code.
If the loginState property of the object returned by login() or register() is 'EMAIL_VERIFICATION_REQUIRED', an email containing a verification code is sent automatically to the member's email address. That verification code is used when calling processVerification() to complete the login or registration process. To learn more, see Handle Members with Custom Login.
Syntax
processVerification({ verificationCode: string }): Promise<StateMachine>
Returns
register()
Registers a new member using an email address and password.
Use this function when using a custom login for members and the OAuth authentication strategy.
The register() function is used to register new members when using a custom registration flow. To learn more, see Handle Members with Custom Login.
Syntax
register({email: string, password: string, profile?: authentication.IdentityProfile, captchaTokens?: { invisibleRecaptchaToken?: string; recaptchaToken?: string }}): Promise<StateMachine>
Parameters
RegisterParams
Name | Type | Description |
---|---|---|
email | string | Registering member's email address |
password | string | Registering member's password |
[profile] | IdentityProfile | Optional details about the registering member |
[captchaTokens] | CaptchaTokens | reCAPTCHA tokens |
Returns
renewToken()
Generates a new access token for an existing refresh token without checking whether the current access token is valid.
To generate a new access token only if the current access token is invalid, use the generateVisitorTokens() function instead.
Syntax
setTokens(tokens: Tokens): void
Parameters
sendPasswordResetEmail()
Sends a password reset email to a member.
The sendPasswordResetEmail() function sends a member an email containing a customized link to a Wix-managed page where the member can set a new password for their account when using a custom login flow. To learn more, see Handle Members with Custom Login.
Syntax
sendPasswordResetEmail(email: string, redirectUri: string): void
Parameters
RegisterParams
Name | Type | Description |
---|---|---|
email | string | Member's email address. |
redirectUri | string | The URI to redirect to after authentication/authorization. |
setTokens()
Sets tokens as the active tokens for the client.
Syntax
setTokens(tokens: Tokens): void
Parameters
Properties
captchaVisibleSiteKey
Gets a Wix reCAPTCHA site key for use with a visible reCAPTCHA (string).
captchaInvisibleSiteKey
Gets a Wix reCAPTCHA site key for use with an invisible reCAPTCHA (string).
Objects
CaptchaTokens
Name | Type | Description |
---|---|---|
invisibleRecaptchaToken | string | Token for invisible reCAPTCHA |
recaptchaToken | string | Token for visible reCAPTCHA |
Tokens
Tokens.AccessToken
Name | Type | Description |
---|---|---|
value | string | Token string value. |
expiresAt | number | When the token expires. |
Tokens.RefreshToken
Name | Type | Description |
---|---|---|
value | string | Token string value. |
role | string | Token role. One of 'visitor', 'member', or 'none' |
StateMachine
Name | Type | Description |
---|---|---|
data | object | Session token for logged in member as {sessionToken: string}. |
loginState | string | One of: 'FAILURE', 'EMAIL_VERIFICATION_REQUIRED', 'OWNER_APPROVAL_REQUIRED', 'SUCCESS'. |
errorCode | string | One of: 'invalidEmail', 'invalidPassword', 'resetPassword', 'missingCaptchaToken', 'emailAlreadyExists', 'invalidCaptchaToken'. |
error | string | Error message. |
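Handling every loginState in a custom login flow, as an added example that is not part of the SDK or its documentation. It assumes `auth` exposes login(), processVerification(), getMemberTokensForDirectLogin() and setTokens() as documented on this page; customLogin, messageFor, askForCode and the message texts are hypothetical.

```javascript
// Added example, not Wix SDK code. Function names and messages are hypothetical.
async function customLogin(auth, credentials, askForCode) {
  let result = await auth.login(credentials);

  if (result.loginState === 'EMAIL_VERIFICATION_REQUIRED') {
    // A code was emailed to the member; askForCode() collects it from the form.
    const verificationCode = await askForCode();
    result = await auth.processVerification({ verificationCode });
  }

  switch (result.loginState) {
    case 'SUCCESS': {
      // Exchange the session token for tokens and make them the active ones.
      const tokens = await auth.getMemberTokensForDirectLogin(result.data.sessionToken);
      auth.setTokens(tokens);
      return { loggedIn: true };
    }
    case 'OWNER_APPROVAL_REQUIRED':
      return { loggedIn: false, message: 'Your account is waiting for approval.' };
    case 'FAILURE':
      return { loggedIn: false, message: messageFor(result.errorCode) };
    default:
      // Unknown state: fail closed and set no tokens.
      return { loggedIn: false, message: 'Login failed.' };
  }
}

function messageFor(errorCode) {
  switch (errorCode) {
    case 'invalidEmail':
    case 'invalidPassword':
      // One message for both, so the form does not reveal which emails are registered.
      return 'Incorrect email or password.';
    case 'resetPassword':
      return 'You need to reset your password before logging in.';
    case 'missingCaptchaToken':
    case 'invalidCaptchaToken':
      return 'Please complete the CAPTCHA and try again.';
    default:
      return 'Login failed.';
  }
}
```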
IdentityProfile
Name | Type | Description |
---|---|---|
firstName | string | First name. |
lastName | string | Last name. |
nickname | string | Nickname. |
picture | string | Picture. |
emails | string[] | Email addresses. |
phones | string[] | Phone numbers. |
labels | string[] | Labels. |
language | string | Language. |
privacyStatus | string | One of: 'UNDEFINED', 'PUBLIC', 'PRIVATE' |
customFields | object | Custom fields as an object where the keys are the field name and the values are the field values. |
Example
The following code creates a client that can make requests to the services module using the OAuth authentication strategy.
```javascript
import { createClient, OAuthStrategy } from '@wix/sdk';
import { services } from "@wix/bookings";

const myClient = createClient({
  modules: { services },
  auth: OAuthStrategy({
    clientId: '<CLIENT_ID>',
  })
});

const { items } = await myClient.services.queryServices().find();
```