I’d like to create endpoints for a login via a REST API for our site’s members. This way we can log users in from another device’s app (iOS, Android, etc.), allowing that user to access member-specific pages without having to manually log in.
Prefer a 2-legged approach with token validations, but open to seeing what is possible. There seems to already be (backend) functionality to generate a session token, but unfortunately it still requires inputs thereafter via UI (not possible via API) and not remotely. As an alternative to a REST API, I have tried to inject JavaScript (from the app) to complete the log-in form and/or utilize a special function on such a page, but pages on wix.com seem to prevent JavaScript injections.
I am able to successfully create the 1st part of the 2-legged approach, but the 2nd part (to actually log in) fails due to prevention of using the ‘wix-users’ library from the “http-functions.js” file - and that file is the required file for exposing any APIs.
To clarify some more: I am able to create an endpoint (1st of 2) to get the sessionToken via ‘wix-users-backend’, but that ‘login()’ process requires completing the login via the client-side ‘applySessionToken()’. That is where the problem occurs, since it is impossible to call that (‘applySessionToken()’), and therefore impossible to create another endpoint utilizing ‘wix-users’ (or many other files/libraries too). Any attempt, for any connection (direct or indirect exposure) from the “http-functions.js” file (which is the file required (only file) to expose any endpoint), causes a Wix-Server Error (code = 500). I have tried many ways without success.
For those who want to see (working) code for the 1st leg, here you go:
```javascript
// Sample URL Used (which works) https://www.mysite.com/_functions/apiForTokenForLogIn?userName=testUserName@mysite.com&password=anytestpassword
import wixUsers from 'wix-users-backend';
import { badRequest, forbidden, get, notFound, ok, response, use, serverError } from 'wix-http-functions';

export function get_apiForTokenForLogIn(request) {
    let userName = String(request.query.userName);
    let usersPassword = String(request.query.password);
    return wixUsers.login(userName, usersPassword)
        .then( (sessionToken) => {
            let successReturnValueObject = {
                headers: {
                    "Content-Type": "application/json"
                },
                body: {
                    "sessionToken": sessionToken,
                    // this is an estimated amount could be 120 secs
                    "expiry": "90.0",
                }
            };
            return ok(successReturnValueObject);
        })
        .catch( (error) => {
            let errorMessage = "could not access session token for user, since failed authentication.";
            console.log(errorMessage);
            let failedReturnValueObject = {
                headers: {
                    "Content-Type": "application/json"
                },
                body: {
                    "errorMessage": errorMessage,
                    "error": String(error),
                    "userName": userName
                }
            };
            return badRequest(failedReturnValueObject);
        });
} // End of 'get_apiForTokenForLogIn' Function
```
… later I posted this for more Wix coding insights: https://www.wix.com/corvid/forum/community-discussion/member-s-login-session-token-help-better-wix-coding-from-lessons-learned
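
A hardened variant of the first-leg endpoint above, as an added example that is not part of the original post: credentials arrive in a POST JSON body instead of the query string (URLs end up in server logs, proxies and history), the failure response echoes neither the user name nor the raw error, and the token response is marked non-cacheable. The `login`, `ok` and `badRequest` parameters stand in for `wixUsers.login` and the `wix-http-functions` helpers so the block runs outside Wix; `makeTokenHandler`, `readCredentials`, `failureResponse` and the 256-character limit are hypothetical.

```javascript
// Added example. `login`, `ok` and `badRequest` are injected so this runs outside Wix;
// on a Wix site they would be wixUsers.login and the wix-http-functions helpers.
const JSON_NO_STORE = { "Content-Type": "application/json", "Cache-Control": "no-store" };
const MAX_FIELD_LENGTH = 256; // assumed limit, tune to the site's policy

// Accept only a JSON object with two bounded, non-empty string fields.
function readCredentials(payload) {
  if (payload === null || typeof payload !== "object") return null;
  const { userName, password } = payload;
  for (const value of [userName, password]) {
    if (typeof value !== "string" || value.length === 0 || value.length > MAX_FIELD_LENGTH) {
      return null;
    }
  }
  return { userName, password };
}

// Same body for malformed input and failed authentication: no user name,
// no raw error text, nothing that separates "unknown user" from "wrong password".
function failureResponse() {
  return { headers: JSON_NO_STORE, body: { errorMessage: "authentication failed" } };
}

function makeTokenHandler({ login, ok, badRequest }) {
  // Export the result as post_apiForTokenForLogIn so credentials travel in the body.
  return async function handler(request) {
    let credentials = null;
    try {
      credentials = readCredentials(await request.body.json());
    } catch (parseError) {
      credentials = null; // body was not valid JSON
    }
    if (!credentials) return badRequest(failureResponse());
    try {
      const sessionToken = await login(credentials.userName, credentials.password);
      return ok({ headers: JSON_NO_STORE, body: { sessionToken } });
    } catch (loginError) {
      console.log("login failed"); // log the event, never the password or token
      return badRequest(failureResponse());
    }
  };
}
```

In “http-functions.js” this would be wired as `export const post_apiForTokenForLogIn = makeTokenHandler({ login: (u, p) => wixUsers.login(u, p), ok, badRequest });`.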