So You’ve Decided To Make A Provider…

Built-in allauth providers are well-documented, but adding new ones can be tricky. I took some notes as a reminder to myself, and decided to share.

Making a Provider for Wix

Wix uses Oauth2 access and refresh tokens. Start by modifying another Oauth2 provider. In

from allauth.socialaccount.providers.base import ProviderAccount
from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider

class WixAccount(ProviderAccount):

class WixProvider(OAuth2Provider):
    id = 'wix'
    name = 'Wix'
    account_class = WixAccount

    def extract_uid(self, data):
        return str(data['id'])

provider_classes = [WixProvider]

from allauth.socialaccount.providers.oauth2.urls import default_urlpatterns
from .provider import WixProvider

urlpatterns = default_urlpatterns(WixProvider)

Find the access URLs from the provider’s documentation. Like Wix, they may not be consistent. The authorize & access token URLs are unique, but you can pick any profile URL(s) with relevant details. Modify the header as needed – Wix uses the access token in the header as shown. In

from allauth.socialaccount.providers.oauth2.views import (

from .provider import WixProvider

class WixOAuth2Adapter(OAuth2Adapter):
    provider_id =
    access_token_url = ''
    authorize_url = ''
    profile_url = ''
    supports_state = True

    def complete_login(self, request, app, token, **kwargs):
        resp = requests.get(
            headers={'Authorization': token.token})
        return self.get_provider().sociallogin_from_response(
            request, extra_data

oauth2_login = OAuth2LoginView.adapter_view(WixOAuth2Adapter)
oauth2_callback = OAuth2CallbackView.adapter_view(WixOAuth2Adapter)

Due to an odd redirect, Wix needs a custom client. You may be able to use the default and omit this file,

import requests
from django.utils.http import urlencode

from allauth.socialaccount.providers.oauth2.client import (

class WixOAuth2Client(OAuth2Client):
    def get_access_token(self, code):
        resp =
            headers={'Content-Type': 'application/json'},
                'grant_type': 'authorization_code', # omit redirect_uri
                'client_id': self.consumer_key, # << add fields missing
                'client_secret': self.consumer_secret, # << from allauth
                'code': code
        access_token = None
        if resp.status_code in [200, 201]:
            access_token = resp.json()
        if not access_token or 'access_token' not in access_token:
            raise OAuth2Error(f'Wix access error: {resp.content}')
        return access_token

    def get_redirect_url(self, authorization_url, extra_params):
        params = {
            'appId': self.consumer_key, # instead of client_id
            'redirectUrl': self.callback_url # instead of redirect_uri
        if self.state:
            params['state'] = self.state
        return f'{authorization_url}?{urlencode(params)}'

Pick a field returned by the provider to use as the user ID. I opted for the user’s site name. In

class WixProvider(OAuth2Provider):
    def extract_uid(self, data):
        return str(data['site']['siteDisplayName'])

Extra data allows additional profile info. To get necessary Wix data, I make two calls at login. In

class WixOAuth2Adapter(OAuth2Adapter):
    def complete_login(self, request, app, token, **kwargs):
        resp = requests.get(
            headers={'Authorization': token.token}
        extra_data = resp.json()
        resp = requests.get(
            headers={'Authorization': token.token}
        return self.get_provider().sociallogin_from_response(
            request, extra_data

BONUS: Refresh token

Wix tokens persist for 5 minutes, but renew with a refresh token. While not part of the allauth provider, here’s a useful Wix token-refreshing decorator function. Use the decorator on any Wix API calls, and the token will refresh if needed.

from django.conf import settings
from functools import wraps
from rauth import OAuth2Service

def fresh_wix(func):
    'refresh Wix token if necessary'
    def fresh_func(self, *args):
        out = func(self, *args)
        if out.get('message') == 'internal error':
            return func(self, *args)
        return out
    return fresh_func

class WixAPI:
    def __init__(self, access_token, refresh_token): = {
            'client_id': settings.WIX_CLIENT_ID,
            'client_secret': settings.WIX_CLIENT_SECRET,
            'refresh_token': refresh_token,
            'grant_type': 'refresh_token'
        self.service = OAuth2Service(
        self.session = self.service.get_session(access_token)

    def refresh(self):
        data =
            headers={'Content-type': 'application/json'}
	).json()['refresh_token'] = data['refresh_token']
        self.session = self.service.get_session(data['access_token'])

    def do_stuff(self, url):
	return self.session.get(url) # Wix API call with fresh tokens

Find the code at github. Thanks for reading!

About scotty

Scotty Vercoe is an award-winning composer, performer, producer and activist.

Comments are closed.