[SOLVED] Why does my Wix OAuth installer redirect to "undefined" instead of my redirect URL?

Why does my Wix OAuth installer redirect to "undefined" instead of my redirect URL?

I'm building an external application, that needs access to the contacts from a Wix site. To do so, I must obtain an access token and refresh token to use the Wix Contacts REST API.

Following the custom-authentication-legacy documentation, I created an app in the Wix Developer Console. I configured both the AppUrl and the RedirectURL to be my external app domain https://example.com, and I obtained the appId and appSecret.

In my external application, I implemented the OAuth flow as follows:

Step 1: When a user clicks on "Activate Wix," my app redirects them to https://www.wix.com/installer/install with the following query parameters:

appId (set to my Wix app ID) state (some state token, e.g., our internal id_token) redirectUrl (set to https://example.com) On Wix’s side, the user is then prompted to choose a Wix site to install the app and to accept the permissions.

async function wix_activate() {
    const id_token = oauth.get_tokens().id_token;

    // Build the base URL
    const baseUrl = "https://www.wix.com/installer/install";
    const appId = <MyAppId>;
    const redirectUrl = "https://example.com";

    if (!baseUrl || !appId || !redirectUrl ) {
       console.error('OAuth params not configured');
       return;
    }

    // Build the query parameters
    const params = new URLSearchParams({
       appId: appId,
       state: id_token,
       redirectUrl: redirectUrl,
    });

    // Construct the final URL
    const url = `${baseUrl}?${params.toString()}`;
    console.log('OAuth URL:', url);

    // Open the popup
    const popup_activate = window.open(url);
}

Step 2: According to the docs, after the user consents, they should be redirected back to https://example.com?code=%5C%5C%5C%5C%5C%5C\<AUTH_CODE>. and to handle it I added these lines:

async function init() {
   
    const query = new window.URLSearchParams(window.location.search);
    if (query.has('code')) {
       const queryParams = {};
       for (const [key, value] of query.entries()) {
          queryParams[key] = value;
       }
       console.log(queryParams);
      
      //send an http request to my callback in the backend
    }
}

However, instead of that, I'm getting redirected to a URL like: https://www.wix.com/installer/undefined which results in a 404 error.

I've verified that the parameters I send match the documentation. My expectation is that after a successful installation, Wix would redirect to my provided redirectUrl with an authorization code. Instead, I get a redirect to "undefined."

Questions:

What could be causing Wix to generate a URL with "undefined" in place of the expected redirect URL? Is there any additional parameter or configuration needed on the Wix Developer Console for this flow to work correctly? Are there known issues with the custom-authentication-legacy flow that might lead to this behavior? Any help or guidance to debug this OAuth flow would be appreciated!

Solution

The error was caused by the widget in Wix Blocks. One workaround is to delete the widget in block editor

Steps:

Go to the app’s home page and click “Edit in Blocks”.
Delete the widget: