New Tutorial: Using OAuth for Single Sign On

Ever wanted to let your site members “Sign in with Google”, or Facebook, or Twitter…?
Allowing your members to sign in with an existing account increases the rate of sign up. No additional passwords to remember, just click the button and you’re in.

Check out this new tutorial for Using OAuth SSO with Corvid and we’ll show you how to do it. It’s easier than you think.

Hi Ed,

I think it’s worth mentioning in the doc that the redirect appends a **#** to the end of the URL on the final page, so it’s necessary to keep the token clean by adding a **&profilepic=${profilePicture}** as mentioned in the doc or any other parameter so that the token is not invalidated.

2 Likes

Hi, this is great! Thank you so much. I’m very close to having this on my site. I’m having trouble with the redirect and the get_getAuth. I don’t fully understand why it’s defined as get_getAuth but the redirect is getAuth. I’m newish to coding so please be gentle with me :sweat_smile:. Here is the page I’m starting from: https://www.Interactiveeventseu.com/freelancer-signup

Hey Dom,
Glad to hear you like the article. So cool to see that this is doable by a “newish to coding” developer. The get_ tells the Wix backend that the function handles get requests and the function name is getAuth. (Maybe I could have called it genAuth to avoid confusion.) Google calls this with a get as opposed to a put or a post. Externally you don’t expose the get_ prefix.
Have a look at wix-http-functions for a good explanation.

1 Like

Thanks Ed! I’ve worked it out. It was all just because I created the http-functions in public folder rather than the backend!! face palm.
Thanks again though. It’s such a powerful tool to use a custom sign up and you’ve made it possible for a newbie like me. Massive thumbs up!

Hi All,

We’ve made a small update to the OAuth SSO example to increase security.

In theory, someone could intercept the URL with the session token that was returned to your browser, paste it into another browser and get logged in.

To prevent this we have added a randomly generated state variable, that is saved by your browser before you are forwarded to the OAuth provider to sign in. This state variable is present in the query params along with the session token in the returned URL.

In order to be logged in, the state variable in the returned URL must match the saved state variable in your browser.

If someone copied the URL, they won’t have the correct state variable saved in their browser and therefore won’t be able to log in.

Search on the word “state” in the code to see the changes.
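
The state check described in the post above, sketched as an added example (this is not the tutorial's own code). The names `startLogin`, `finishLogin`, `STATE_KEY` and the `sessionToken` query parameter are assumptions, and an in-memory object stands in for the browser's `sessionStorage` so the block also runs under Node.

```javascript
// Added example: all names below are hypothetical, not taken from the tutorial.
// Use Web Crypto in the browser; fall back to Node's copy when no global exists.
const webCrypto = globalThis.crypto ?? require('crypto').webcrypto;
const STATE_KEY = 'oauthState';

// In-memory stand-in for window.sessionStorage (one instance per "browser").
function makeStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
    removeItem: (k) => { items.delete(k); },
  };
}

// Before forwarding to the OAuth provider: create 128 random bits, save them
// in this browser, and return the value to send along as the state parameter.
function startLogin(storage) {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  storage.setItem(STATE_KEY, state);
  return state;
}

// Compare two strings without stopping at the first differing character.
function sameString(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// On the returned URL: hand back the session token only if the state in the
// query params matches the one this browser saved. Returns null otherwise.
function finishLogin(returnedUrl, storage) {
  const params = new URL(returnedUrl).searchParams; // a trailing '#' is not part of the query
  const returned = params.get('state');
  const saved = storage.getItem(STATE_KEY);
  storage.removeItem(STATE_KEY); // added choice: each saved state is usable once
  if (!saved || !returned || !sameString(saved, returned)) return null;
  return params.get('sessionToken');
}
```

A URL copied into a second browser fails the check because that browser's storage holds either no state or a different one.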

Hi Ed,
I have a new issue.
Everything is working except that the information that signs up the member only includes their email, it doesn’t populate the member’s given name, family name and profile picture. Is there something I might be doing wrong or a way to adapt your code to include everything?

Hi there, were you able to resolve the issue?

Hi,
This tutorial is to authenticate the users to log them in to Wix members so your website will work exactly the same whether they log in with their email and password or Google account.