To set up this flow, WeWork will provide Wix with a redirect URL, and in return we will give them an app ID and an app secret.
The WeWork client will open a new tab to:
https://users.wix.com/signin/oauth?loginDialogContext=signup&appId=[appId]&state=[csrfToken]&scope=Billing.Manage&redirectUri=[redirectUri]&color=wework&defaultEmail=[email]
appId = the app id we provided
defaultEmail = email to be filled in our login page
redirectUri = one of the pre-registered redirect URLs
csrfToken = a CSRF token that WeWork needs to generate and store (probably inside a session) so that it can be compared with the returned 'state' to protect against cross-site request forgery
After we authenticate the user, we will redirect to the pre-registered redirect URI followed by code=[authorizationCode]&state=[csrfToken]
csrfToken = the value WeWork provided in the request (explained above)
authorizationCode = authorization code that will be valid for 1 minute
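The state handling described above, sketched from the client side. This is an added example, not Wix's or WeWork's code: the function names, the dict-like `session`, the `oauth_state` key and the `partner.example` host are assumptions, while the URL and parameter names come from the request shown above.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://users.wix.com/signin/oauth"  # sign-in URL from the page


def begin_login(session, app_id, redirect_uri, email):
    """Create a fresh state token, keep it in the session, build the sign-in URL."""
    state = secrets.token_urlsafe(32)  # unpredictable, new for every login attempt
    session["oauth_state"] = state     # hypothetical session key
    query = urlencode({                # urlencode escapes redirectUri and the email
        "loginDialogContext": "signup",
        "appId": app_id,
        "state": state,
        "scope": "Billing.Manage",
        "redirectUri": redirect_uri,
        "color": "wework",
        "defaultEmail": email,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Return the authorization code only if the returned state matches the stored one."""
    params = parse_qs(urlsplit(callback_url).query)
    # Single use: the stored token is removed whether or not the check passes.
    expected = session.pop("oauth_state", None)
    returned = params.get("state", [""])[0]
    code = params.get("code", [""])[0]
    if not expected or not returned:
        raise ValueError("missing state")
    # Constant-time comparison of the stored and returned values.
    if not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch")
    if not code:
        raise ValueError("missing authorization code")
    return code


if __name__ == "__main__":
    s = {}  # constructed stand-in for a server-side session
    print(begin_login(s, "example-app-id", "https://partner.example/cb", "user@example.com"))
```

Because the authorization code is valid for 1 minute, the caller should exchange it as soon as `handle_callback` returns.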
WeWork will send a POST request to:
https://www.wix.com/oauth/refreshTokens
BODY =>
{
"appId":"[appId]",
"appSecret":"[appSecret]",
"authorizationCode":"[authorizationCode]"
}
appId = the app id we provided
appSecret = the app secret we provided
authorizationCode = the authorization code we provided in phase 1
We will return a JSON object containing an access token and a refresh token:
{
"accessToken":"[accessToken]",
"refreshToken":"[refreshToken]"
}
Send a POST request to:
https://www.wix.com/oauth/accessTokens
BODY =>
{
"appId":"[appId]",
"appSecret":"[appSecret]",
"refreshToken":"[refreshToken]"
}
appId = the app id we provided
appSecret = the app secret we provided
refreshToken = the refresh token we provided in step 2
We will return a JSON object containing an access token and its expiration:
{
"accessToken":"[accessToken]",
"expiration":"[expiration]"
}