OAuthStrategy

Warning: This strategy is only intended for use with Wix Headless.

This authentication strategy is used with a Wix Client to authenticate API calls using OAuth tokens.

When using this authentication strategy for an API request, the requester's identity is that of the corresponding visitor or member, and permissions are determined by their assigned roles. For more information, see Handle Visitors, Handle Members with Wix-Managed Login, Handle Members with a Custom Login Page, or Handle Members with Externally-Managed Login.

OAuthStrategy()

Creates an authentication strategy object that uses OAuth for visitor or member authentication.

Syntax

Copy
1

Parameters

NameTypeDescription
clientIdstringThe wix Headless client ID.
tokensTokensOptional. The access and refresh tokens to use for authentication.

Returns

OAuthStrategy

Functions

generateOAuthData()

Generates an object with all the data needed for an OAuth flow.

The generateOAuthData() function creates OAuth data. You can use the generated data when sending visitors to a Wix-managed login page. Typically, you generate the OAuth data on the page that requests the login. The returned data is stored locally to be used later on the login callback page. To learn more, see Handle Members with Wix-Managed Login.

Syntax

Copy
1

Parameters

NameTypeDescription
redirectUristringThe URI to redirect to after authentication is complete.
[originalUri]stringThe URL of the page where the authentication request originated from. This can be used to redirect back from the callback page.

Returns

OauthData

NameTypeDescription
statestringA randomized string to be used in the OAuth flow.
redirectUristringThe URI to redirect to after authentication is complete.
originalUrlstringThe URL of the page where the authentication request originated from. This can be used to redirect back from the callback page if there is an authentication error.
codeVerifierstringA randomized string to use for PKCE authentication.
codeChallengestringA SHA256 hash of codeVerifier to use for PKCE authentication.

generateVisitorTokens()

Generates visitor access and refresh tokens. Use this function when creating a session for visitors using the OAuth authentication strategy.

To generate an new tokens without checking whether the current access token is valid, use the renewToken() function instead.

Syntax

Copy
1

Returns

Tokens

getAuthHeaders()

Gets the client's authorization headers.

Syntax

Copy
1

Returns

Authorization headers

getAuthUrl()

Gets a URL to use for Wix authentication.

Use this function when using Wix-managed login for members and the OAuth authentication strategy.

Call this function using the OAuthData returned from the generateOAuthData() function. The returned URL is used to redirect a visitor to Wix's authentication page. After authenticating, the visitor will be redirected to the redirectUri specified in the oauthData. After the redirect, the authorization code and the state parameter from the oauthData are available as fragments appended to the redirectUri and can be parsed using the parseFromUrl() function.

Syntax

Copy
1

Parameters

NameTypeDescription
oAuthDataOauthDataOAuth data generated by the generateOAuthData() function.

Returns

NameTypeDescription
authUrlstringURL to redirect the browser to for Wix authentication.

getMemberTokens()

Retrieves and authenticates a site member's access and refresh tokens.

Use this function when using Wix-managed login for members and the OAuth authentication strategy.

Typically, you call the getMemberTokens() function on a login callback page after sending a visitor to authenticate on a Wix-managed login page. Use the OAuthData stored locally after calling the generateOAuthData() function and the information in the callback URL retrieved using the parseFromUrl() function as the function arguments. To learn more, see Handle Members with Wix-Managed Login.

Syntax

Copy
1

Parameters

NameTypeDescription
codestringThe authorization code appended to the callback page URI by the Wix server. Can retrieved using the parseFromUrl() function.
statestringThe state parameter value appended to the callback page URI by the Wix server. Can retrieved using the parseFromUrl() function.
oAuthDataOauthDataOAuth data generated by the generateOAuthData() function.

Returns

Tokens

getMemberTokensForDirectLogin()

Retrieves and authenticates site member's access and refresh tokens from a session token.

Use this function when using a custom login page for members and the OAuth authentication strategy.

The getMemberTokensForDirectLogin() function takes a session token returned from a successful call to the login(), register(), or processVerification() functions. Use the session token to retrieve access and refresh tokens for the logged-in member and then call the setTokens() function to set the tokens as the client's active tokens.

The getMemberTokensForDirectLogin() function is used to get member tokens when using a custom login page flow. To learn more, see Handle Members with a Custom Login Page.

Syntax

Copy
1

Parameters

NameTypeDescription
sessionTokenstringThe session token returned by a successful call to login(), register(), or processVerification().

Returns

Tokens

getMemberTokensForExternalLogin()

Retrieves and authenticates site member's access and refresh tokens given a member ID.

Use this function when using an external login provider for members.

A member ID can be retrieved with the Wix Members API queryMembers() function, using any externally identifiable field (e.g. email, phone number, etc.).

The getMemberTokensForExternalLogin() function takes a member ID and an API key with permissions for Wix Contacts & Members. This is an administrative API function bypasses the need for a session token. Make sure you call it from a secure environment.

The getMemberTokensForExternalLogin() function is used to get member tokens when using an external identity provider login flow. To learn more, see Handle Members with Externally-Managed Login.

Syntax

Copy
1

Parameters

NameTypeDescription
memberIdstringMember ID.
apiKeystringAPI key with permissions for Wix Contacts & Members.

Returns

Tokens

getTokens()

Gets the active tokens from the client.

Use this function when using the OAuth authentication strategy.

Syntax

Copy
1

Returns

Tokens

loggedIn()

Indicates whether the current visitor is a logged-in member.

Use this function when using the OAuth authentication strategy.

Syntax

Copy
1

Returns

Whether the current visitor is logged in.

login()

Logs in a existing member using an email address and password.

Use this function when using a custom login page for members and the OAuth authentication strategy.

The login() function is used to log members in when using a custom login page flow. To learn more, see Handle Members with a Custom Login Page.

Syntax

Copy
1

Parameters

LoginParams

NameTypeDescription
emailstringMember's email address
passwordstringMember's password
[captchaTokens]CaptchaTokensreCAPTCHA tokens

Returns

StateMachine

logout()

Logs out the current logged-in site member.

Use this function when using the OAuth authentication strategy.

Syntax

Copy
1

Parameters

NameTypeDescription
originalUrlstringThe URL of the page where the logout request originated from. The browser is redirected to this page after logging out.

Returns

NameTypeDescription
logoutUrlstringURL to redirect the browser to in order to initiate the logout.

parseFromUrl()

Parses the code and state fragments from the browser's current URL and returns them as an object.

Use this function when using Wix-managed login for members and the OAuth authentication strategy.

Typically, you call the parseFromUrl() function on a login callback page after sending a visitor to authenticate on a Wix-managed login page. Use the returned data to check that the authentication was successful and as arguments when calling the getMemberTokens() function. To learn more, see Handle Members with Wix-Managed Login.

Syntax

Copy
1

Returns

NameTypeDescription
codestringThe authorization code appended to the callback page URI by the Wix server.
statestringThe state parameter value appended to the callback page URI by the Wix server.
[error]stringError, if one occurs.
[errorDescription]stringError description, if one occurs.

processVerification()

Processes the verification code from a member.

Use this function when using a custom login page for members and the OAuth authentication strategy.

The processVerification() function continues the custom member login process when a member is required to provide a verification code.

If the loginState property of the object returned by login() or register() is 'EMAIL_VERIFICATION_REQUIRED', an email containing a verification code is sent automatically to the member's email address. That verification code is used when calling processVerification() to complete the login or registration process. To learn more, see Handle Members with a Custom Login Page.

Syntax

Copy
1

Returns

StateMachine

register()

Registers a new member using an email address and password.

Use this function when using a custom login page for members and the OAuth authentication strategy.

The register() function is used to register new members when using a custom registration flow. To learn more, see Handle Members with a Custom Login Page.

Syntax

Copy
1

Parameters

RegisterParams

NameTypeDescription
emailstringRegistering member's email address
passwordstringRegistering member's password
[profile]IdentityProfileOptional details about the registering member
[captchaTokens]CaptchaTokensreCAPTCHA tokens

Returns

StateMachine

renewToken()

Generate a new access token for an existing refresh token without checking whether the current access token is valid.

To generate a new access token only if the current access token is invalid, use the generateVisitorTokens() function instead.

Syntax

Copy
1

Parameters

Tokens

sendPasswordResetEmail()

Sends a password reset email to a member.

The sendPasswordResetEmail() function sends a member an email containing a customized link to a Wix-managed page where the member can set a new password for their account when using a custom login page flow. To learn more, see Handle Members with a Custom Login Page.

Syntax

Copy
1

Parameters

RegisterParams

NameTypeDescription
emailstringMember's email address.
redirectUristringThe URI to redirect to after authentication/authorization.

setTokens()

Sets tokens as the active tokens for the client.

Syntax

Copy
1

Parameters

Tokens

Properties

captchaVisibleSiteKey

Gets a Wix reCAPTCHA site key for use with a visible reCAPTCHA (string).

captchaInvisibleSiteKey

Gets a Wix reCAPTCHA site key for use with an invisible reCAPTCHA (string).

Objects

CaptchaTokens

NameTypeDescription
invisibleRecaptchaTokenstringToken for invisible reCAPTCHA
recaptchaTokenstringToken for visible reCAPTCHA

Tokens

Tokens.AccessToken

NameTypeDescription
valuestringToken string value.
expiresAtnumberWhen the token expires.

Tokens.RefreshToken

NameTypeDescription
valuestringToken string value.
rolestringToken role. One of 'visitor', 'member', or 'none'

StateMachine

NameTypeDescription
dataobjectSession token for logged in member as {sessionToken: string}.
loginStatestringOne of: 'FAILURE', 'EMAIL_VERIFICATION_REQUIRED', 'OWNER_APPROVAL_REQUIRED', 'SUCCESS'.
errorCodestringOne of: 'invalidEmail', 'invalidPassword', 'resetPassword', 'missingCaptchaToken', 'emailAlreadyExists', 'invalidCaptchaToken'.
errorstringError message.

IdentityProfile

NameTypeDescription
firstNamestringFirst name.
lastNamestringLast name.
nicknamestringNickname.
picturestringPicture.
emailsstring[]Email addresses.
phonesstring[]Phone numbers.
labelsstring[]Labels.
languagestringLanguage.
privacyStatusstringOne of: 'UNDEFINED', 'PUBLIC', 'PRIVATE'
customFieldsobjectCustom fields as an object where the keys are the field name and the values are the field values.

Example

The following code creates a client that can make requests to the services module using the OAuth authentication strategy.

Copy
1
Was this helpful?
Yes
No