Ever wanted to let your site members "Sign in with Google", or Facebook, or Twitter...?
Allowing your members to sign in with an existing account increases the rate of sign up. No additional passwords to remember, just click the button and you're in. Check out this new tutorial for Using OAuth SSO with Corvid and we'll show you how to do it. It's easier than you think.
Hi,
This tutorial is to authenticate the users to log them in to Wix members so your website will work exactly the same whether they log in with their email and password or Google account.
Hi Ed,
I have a new issue.
Everything is working except that the information that signs up the member only includes their email; it doesn't populate the member's given name, family name and profile picture. Is there something I might be doing wrong or a way to adapt your code to include everything?
Hi All,
We've made a small update to the OAuth SSO example to increase security.
In theory, someone could intercept the URL with the session token that was returned to your browser, paste it into another browser and get logged in.
To prevent this we have added a randomly generated state variable, that is saved by your browser before you are forwarded to the OAuth provider to sign in. This state variable is present in the query params along with the session token in the returned URL.
In order to be logged in, the state variable in the returned URL must match the saved state variable in your browser.
If someone copied the URL, they won't have the correct state variable saved in their browser and therefore won't be able to log in.
Search on the word "state" in the code to see the changes.
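The state check described in the post above, as an added example that is not part of the original post or the tutorial's own code. The storage stand-in, the `oauthState` key, the `sessionToken` parameter name and the example URLs are assumptions made for illustration; clearing the saved state after one attempt is a choice made in this example.

```javascript
// Random source: the browser's global crypto, with a fallback for older Node.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Stand-in for one browser's local storage (constructed for this example).
function makeBrowser() {
  return { storage: new Map() };
}

// Before forwarding to the OAuth provider: generate a random state and save it.
function beginSignIn(browser, providerUrl) {
  const bytes = rng.getRandomValues(new Uint8Array(32));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  browser.storage.set("oauthState", state);
  const url = new URL(providerUrl);
  url.searchParams.set("state", state);
  return url.toString();
}

// On the returned URL: hand out the session token only if state matches.
function completeSignIn(browser, returnedUrl) {
  const params = new URL(returnedUrl).searchParams;
  const returned = params.get("state");
  const saved = browser.storage.get("oauthState");
  browser.storage.delete("oauthState"); // one attempt per saved state
  if (!saved || !returned) return { ok: false, reason: "missing state" };
  if (returned !== saved) return { ok: false, reason: "state mismatch" };
  return { ok: true, sessionToken: params.get("sessionToken") };
}

// Constructed flow: the returned URL carries the session token and the state.
function demo() {
  const owner = makeBrowser();
  const other = makeBrowser();
  const outbound = beginSignIn(owner, "https://provider.example/authorize");
  beginSignIn(other, "https://provider.example/authorize"); // other browser has its own state
  const state = new URL(outbound).searchParams.get("state");
  const returned =
    `https://site.example/signed-in?sessionToken=CONSTRUCTED_TOKEN&state=${state}`;
  return {
    copied: completeSignIn(other, returned),  // URL pasted into another browser
    genuine: completeSignIn(owner, returned), // browser that started the flow
    replay: completeSignIn(owner, returned),  // same URL used a second time
  };
}
```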
Hi, this is great! Thank you so much. I'm very close to having this on my site. I'm having trouble with the redirect and the get_getAuth. I don't fully understand why it's defined as get_getAuth but the redirect is getAuth. I'm newish to coding so please be gentle with me 😅. Here is the page I'm starting from: https://www.Interactiveeventseu.com/freelancer-signup
Hi Ed,
I think it's worth mentioning in the doc that the redirect appends a `#` to the end of the URL on the final page, so it's necessary to keep the token clean by adding a `&profilepic=${profilePicture}` as mentioned in the doc or any other parameter so that the token is not invalidated.