Warning: This strategy is only intended for use with Wix Headless.
This authentication strategy is used with a Wix Client to authenticate API calls using OAuth tokens.
When using this authentication strategy for an API request, the requester's identity is that of the corresponding visitor or member, and permissions are determined by their assigned roles. For more information, see Handle Visitors, Handle Members with Wix-Managed Login, Handle Members with a Custom Login Page, or Handle Members with Externally-Managed Login.
Creates an authentication strategy object that uses OAuth for visitor or member authentication.
Name | Type | Description |
---|---|---|
clientId | string | The Wix Headless client ID. |
tokens | Tokens | Optional. The access and refresh tokens to use for authentication. |
OAuthStrategy
Generates an object with all the data needed for an OAuth flow.
The generateOAuthData() function creates OAuth data. You can use the generated data when sending visitors to a Wix-managed login page. Typically, you generate the OAuth data on the page that requests the login. The returned data is stored locally to be used later on the login callback page. To learn more, see Handle Members with Wix-Managed Login.
Name | Type | Description |
---|---|---|
redirectUri | string | The URI to redirect to after authentication is complete. |
[originalUri] | string | The URL of the page where the authentication request originated from. This can be used to redirect back from the callback page. |
OauthData
Name | Type | Description |
---|---|---|
state | string | A randomized string to be used in the OAuth flow. |
redirectUri | string | The URI to redirect to after authentication is complete. |
originalUrl | string | The URL of the page where the authentication request originated from. This can be used to redirect back from the callback page if there is an authentication error. |
codeVerifier | string | A randomized string to use for PKCE authentication. |
codeChallenge | string | A SHA256 hash of codeVerifier to use for PKCE authentication. |
Generates visitor access and refresh tokens. Use this function when creating a session for visitors using the OAuth authentication strategy.
To generate new tokens without checking whether the current access token is valid, use the renewToken() function instead.
Gets the client's authorization headers.
Authorization headers
Gets a URL to use for Wix authentication.
Use this function when using Wix-managed login for members and the OAuth authentication strategy.
Call this function using the OAuthData returned from the generateOAuthData() function. The returned URL is used to redirect a visitor to Wix's authentication page. After authenticating, the visitor will be redirected to the redirectUri specified in the oauthData. After the redirect, the authorization code and the state parameter from the oauthData are available as fragments appended to the redirectUri and can be parsed using the parseFromUrl() function.
Name | Type | Description |
---|---|---|
oAuthData | OauthData | OAuth data generated by the generateOAuthData() function. |
Name | Type | Description |
---|---|---|
authUrl | string | URL to redirect the browser to for Wix authentication. |
Retrieves and authenticates a site member's access and refresh tokens.
Use this function when using Wix-managed login for members and the OAuth authentication strategy.
Typically, you call the getMemberTokens() function on a login callback page after sending a visitor to authenticate on a Wix-managed login page. Use the OAuthData stored locally after calling the generateOAuthData() function and the information in the callback URL retrieved using the parseFromUrl() function as the function arguments. To learn more, see Handle Members with Wix-Managed Login.
Name | Type | Description |
---|---|---|
code | string | The authorization code appended to the callback page URI by the Wix server. Can be retrieved using the parseFromUrl() function. |
state | string | The state parameter value appended to the callback page URI by the Wix server. Can be retrieved using the parseFromUrl() function. |
oAuthData | OauthData | OAuth data generated by the generateOAuthData() function. |
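The OauthData fields and the callback check described above can be illustrated with the following added example, which is not Wix SDK code: it derives codeChallenge from codeVerifier and rejects a callback whose state does not match the stored value. It assumes the challenge uses the RFC 7636 S256 base64url encoding and that the fragment is form-encoded with code, state and error parameters; all function names are hypothetical.

```javascript
// Added illustration, not Wix SDK source. All function names here are hypothetical.
const nodeCrypto = require('node:crypto');

// Random URL-safe string; 32 bytes encodes to 43 base64url characters.
const randomToken = (bytes = 32) => nodeCrypto.randomBytes(bytes).toString('base64url');

// RFC 7636 S256 transform: BASE64URL(SHA256(ASCII(code_verifier))).
const challengeFor = (codeVerifier) =>
  nodeCrypto.createHash('sha256').update(codeVerifier, 'ascii').digest('base64url');

// Build an object with the same fields as the OauthData table above.
function makeOauthData(redirectUri, originalUri) {
  const codeVerifier = randomToken();
  return {
    state: randomToken(),
    redirectUri,
    originalUrl: originalUri,
    codeVerifier,
    codeChallenge: challengeFor(codeVerifier),
  };
}

// Compare two strings in constant time; hashing first equalizes the lengths.
function safeEqual(a, b) {
  const digest = (s) => nodeCrypto.createHash('sha256').update(String(s)).digest();
  return nodeCrypto.timingSafeEqual(digest(a), digest(b));
}

// Check a callback URL against the OauthData stored before the redirect.
// Assumes the fragment is form-encoded: #code=...&state=... or #error=...
function checkCallback(callbackUrl, stored) {
  const url = new URL(callbackUrl);
  const expected = new URL(stored.redirectUri);
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    return { ok: false, reason: 'unexpected_redirect_target' };
  }
  const params = new URLSearchParams(url.hash.slice(1));
  if (params.has('error')) {
    return { ok: false, reason: 'provider_error', error: params.get('error') };
  }
  const code = params.get('code');
  const state = params.get('state');
  if (!code || !state) return { ok: false, reason: 'missing_code_or_state' };
  if (!safeEqual(state, stored.state)) return { ok: false, reason: 'state_mismatch' };
  return { ok: true, code, state };
}
```

A state mismatch means the callback was not produced by the login request this browser started, so the code is discarded rather than exchanged for tokens.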
Retrieves and authenticates a site member's access and refresh tokens from a session token.
Use this function when using a custom login page for members and the OAuth authentication strategy.
The getMemberTokensForDirectLogin() function takes a session token returned from a successful call to the login(), register(), or processVerification() functions. Use the session token to retrieve access and refresh tokens for the logged-in member and then call the setTokens() function to set the tokens as the client's active tokens.
The getMemberTokensForDirectLogin() function is used to get member tokens when using a custom login page flow. To learn more, see Handle Members with a Custom Login Page.
Name | Type | Description |
---|---|---|
sessionToken | string | The session token returned by a successful call to login(), register(), or processVerification(). |
Retrieves and authenticates a site member's access and refresh tokens given a member ID.
Use this function when using an external login provider for members.
A member ID can be retrieved with the Wix Members API queryMembers() function, using any externally identifiable field (e.g. email, phone number, etc.).
The getMemberTokensForExternalLogin() function takes a member ID and an API key with permissions for Wix Contacts & Members. This is an administrative API function that bypasses the need for a session token. Make sure you call it from a secure environment.
The getMemberTokensForExternalLogin() function is used to get member tokens when using an external identity provider login flow. To learn more, see Handle Members with Externally-Managed Login.
Name | Type | Description |
---|---|---|
memberId | string | Member ID. |
apiKey | string | API key with permissions for Wix Contacts & Members. |
Gets the active tokens from the client.
Use this function when using the OAuth authentication strategy.
Indicates whether the current visitor is a logged-in member.
Use this function when using the OAuth authentication strategy.
Whether the current visitor is logged in.
Logs in an existing member using an email address and password.
Use this function when using a custom login page for members and the OAuth authentication strategy.
The login() function is used to log members in when using a custom login page flow. To learn more, see Handle Members with a Custom Login Page.
LoginParams
Name | Type | Description |
---|---|---|
email | string | Member's email address |
password | string | Member's password |
[captchaTokens] | CaptchaTokens | reCAPTCHA tokens |
Logs out the current logged-in site member.
Use this function when using the OAuth authentication strategy.
Name | Type | Description |
---|---|---|
originalUrl | string | The URL of the page where the logout request originated from. The browser is redirected to this page after logging out. |
Name | Type | Description |
---|---|---|
logoutUrl | string | URL to redirect the browser to in order to initiate the logout. |
Parses the code and state fragments from the browser's current URL and returns them as an object.
Use this function when using Wix-managed login for members and the OAuth authentication strategy.
Typically, you call the parseFromUrl() function on a login callback page after sending a visitor to authenticate on a Wix-managed login page. Use the returned data to check that the authentication was successful and as arguments when calling the getMemberTokens() function. To learn more, see Handle Members with Wix-Managed Login.
Name | Type | Description |
---|---|---|
code | string | The authorization code appended to the callback page URI by the Wix server. |
state | string | The state parameter value appended to the callback page URI by the Wix server. |
[error] | string | Error, if one occurs. |
[errorDescription] | string | Error description, if one occurs. |
Processes the verification code from a member.
Use this function when using a custom login page for members and the OAuth authentication strategy.
The processVerification() function continues the custom member login process when a member is required to provide a verification code.
If the loginState property of the object returned by login() or register() is 'EMAIL_VERIFICATION_REQUIRED', an email containing a verification code is sent automatically to the member's email address. That verification code is used when calling processVerification() to complete the login or registration process. To learn more, see Handle Members with a Custom Login Page.
Registers a new member using an email address and password.
Use this function when using a custom login page for members and the OAuth authentication strategy.
The register() function is used to register new members when using a custom registration flow. To learn more, see Handle Members with a Custom Login Page.
RegisterParams
Name | Type | Description |
---|---|---|
email | string | Registering member's email address |
password | string | Registering member's password |
[profile] | IdentityProfile | Optional details about the registering member |
[captchaTokens] | CaptchaTokens | reCAPTCHA tokens |
Generates a new access token for an existing refresh token without checking whether the current access token is valid.
To generate a new access token only if the current access token is invalid, use the generateVisitorTokens() function instead.
Sends a password reset email to a member.
The sendPasswordResetEmail() function sends a member an email containing a customized link to a Wix-managed page where the member can set a new password for their account when using a custom login page flow. To learn more, see Handle Members with a Custom Login Page.
RegisterParams
Name | Type | Description |
---|---|---|
email | string | Member's email address. |
redirectUri | string | The URI to redirect to after authentication/authorization. |
Sets tokens as the active tokens for the client.
Gets a Wix reCAPTCHA site key for use with a visible reCAPTCHA (string).
Gets a Wix reCAPTCHA site key for use with an invisible reCAPTCHA (string).
Name | Type | Description |
---|---|---|
invisibleRecaptchaToken | string | Token for invisible reCAPTCHA |
recaptchaToken | string | Token for visible reCAPTCHA |
Tokens.AccessToken
Name | Type | Description |
---|---|---|
value | string | Token string value. |
expiresAt | number | When the token expires. |
Tokens.RefreshToken
Name | Type | Description |
---|---|---|
value | string | Token string value. |
role | string | Token role. One of 'visitor', 'member', or 'none'. |
Name | Type | Description |
---|---|---|
data | object | Session token for logged in member as {sessionToken: string}. |
loginState | string | One of: 'FAILURE', 'EMAIL_VERIFICATION_REQUIRED', 'OWNER_APPROVAL_REQUIRED', 'SUCCESS'. |
errorCode | string | One of: 'invalidEmail', 'invalidPassword', 'resetPassword', 'missingCaptchaToken', 'emailAlreadyExists', 'invalidCaptchaToken'. |
error | string | Error message. |
Name | Type | Description |
---|---|---|
firstName | string | First name. |
lastName | string | Last name. |
nickname | string | Nickname. |
picture | string | Picture. |
emails | string[] | Email addresses. |
phones | string[] | Phone numbers. |
labels | string[] | Labels. |
language | string | Language. |
privacyStatus | string | One of: 'UNDEFINED', 'PUBLIC', 'PRIVATE'. |
customFields | object | Custom fields as an object where the keys are the field name and the values are the field values. |
The following code creates a client that can make requests to the services module using the OAuth authentication strategy.