hybridauth / hybridauth Goto Github PK

Open source social sign on PHP Library. HybridAuth goal is to act as an abstract api between your application and various social apis and identities providers such as Facebook, Twitter and Google.

Home Page: https://hybridauth.github.io/

License: Other

HTML 0.01% PHP 100.00%

php social-login social-networks facebook twitter google hybridauth

hybridauth's Introduction

Hybridauth 3.11

Hybridauth enables developers to easily build social applications and tools to engage websites visitors and customers on a social level that starts off with social sign-in and extends to social sharing, users profiles, friends lists, activities streams, status updates and more.

The main goal of Hybridauth is to act as an abstract API between your application and the various social networks APIs and identities providers such as Facebook, Twitter and Google.

Usage

Hybridauth provides a number of basic examples. You can also find complete Hybridauth documentation at https://hybridauth.github.io

$config = [
    'callback' => 'https://example.com/path/to/script.php',
    'keys' => [
        'key' => 'your-twitter-consumer-key',
        'secret' => 'your-twitter-consumer-secret',
    ],
];

try {
    $twitter = new Hybridauth\Provider\Twitter($config);

    $twitter->authenticate();

    $accessToken = $twitter->getAccessToken();
    $userProfile = $twitter->getUserProfile();
    $apiResponse = $twitter->apiRequest('statuses/home_timeline.json');
}
catch (\Exception $e) {
    echo 'Oops, we ran into an issue! ' . $e->getMessage();
}

Requirements

PHP 5.4+
PHP Session
PHP cURL

Installation

To install Hybridauth we recommend Composer, the now defacto dependency manager for PHP. Alternatively, you can download and use the latest release available at Github.

Versions Status

Version	Status	Repository	Documentation	PHP Version
2.x	Maintenance	v2	v2	>= 5.3
3.x	Development	v3	v3	>= 5.4
4.x	Future	--	--	>= 7.3

Questions, Help and Support?

For general questions (i.e, "how-to" questions), please consider using StackOverflow instead of the Github issues tracker. For convenience, we also have a [low-activity] Gitter channel if you want to get help directly from the community.

License

Hybridauth PHP Library is released under the terms of MIT License.

For the full Copyright Notice and Disclaimer, see COPYING.md.

hybridauth's People

Contributors

Stargazers

Watchers

Forkers

ajbatac billortell rwohleb anirupdutta olivine-labs taytus fahey erkan-yilmaz niqo dovy hanicker timjrobinson beefs azram19 sebilasse mohitmayank rohittt vinaykumard neerajdad shaan360 prtung8888 hiroooo mnishihan dowith naonak kvijay webago do9iigane g-adolph hadiboo prplhaz4 navinparray fedetorre alexkoltun evandotpro socalnick xbreaker santaklouse 2bj nowaym krienas oniz93 eleiva surajjaiswal gmusa interestingforked eznj joelrsimpson contextworks purefan govaniso synodinos romulo1984 gauravmishra280295 digi3studio alan01252 gboer gadelkareem wcpinho webguru-in-ua jasondavis pmuralikrishna111 mcarv63 viruthagiri mirocow epokmedia bluemooninc floupie ahommel weierophinney skygate dorongutman zarbfab wfaulk andacata ryannmicua geraldoandradee guillaumem69 kh411d mindon sylvainparis megazoll iignatov saas786 heiglandreas bjoernschotte nekoro535 u2sonderzug vietphu rafiqbd hz-labs ahmadnaserturnkeysolutions jancis andrew13 italoveloso c4tom durenk pstora rskuipers aymen-mouelhi

hybridauth's Issues

Issue with using HybridAuth on a proxy server

If my upstream proxy supports https and my server does not support https. When logging in with Facebook the return url is generated as https://www.domain.com:80/myconnector which generates a SSL error. The error is related to the code in "public static function getCurrentUrl( $request_uri = true ) "

My server vars are
$_SERVER["HTTPS"] = 1;
$_SERVER["HTTP_HOST"] = 'www.domain.com';
$_SERVER["HTTP_X_FORWARDED_PROTO"] = 'https';
$_SERVER["HTTP_X_FORWARDED_HOST"] = 'www.domain.com';
$_SERVER["HTTP_X_FORWARDED_SERVER"] = 'www.domain.com';
$_SERVER["SERVER_PORT"] = 80;
$_SERVER["SERVER_NAME"] = 'www.domain.com';

No JSON API support for LinkedIn

I noticed that the /thirdparty/LinkedIn.php has support for using JSON, but the /Providers/LinkedIn.php does not support it which is kind of a bummer. Any chance of supporting it in the future?

Thanks!

hybrid auth - with YII framework

Hi .. i am using YII framework to build in a new web app..and now i want to integrate hybrid auth into my YII code.. i cant find any extension for YII users.. pls help me out as it is needed asap.. also please let me know .. if we can modify the cake extension for hybridauth to YII and how do do that .. as i am a basic programmer ..

Thanks in advance

Rathan

Additional provider: vk.com

Hi,

It would be very nice if among additional providers vk.com (also called vKontakte ) would be available. This social network is very popular in certain post-communist countries, such as Russia, Ukraine, Belorus, Kazakhstan.

Adding PayPal as provider?

I have already requested this on hybridauth's Google Groups and posting here as I think the Google Group may not be an appropriate section for the request

I would like to have "PayPal oAuth Login" in the list of providers. JanRain,Gigya and many other third party solutions already support PayPal as login provider.

This is that much important for any website owner because PayPal login system is legit and much secure. So it does have serious users and not a chance for spam logins. If we implement PayPal as login provider to website, we only get serious users and no spam as I guess. Other networks are next to PayPal in having serious users

Does any one have Idea if that is possible with HybridAuth?

Thanks !

RFC: Refactoring / 3.0 - PSR-0, Composer, and more...

I'd like to propose that a new branch be "officially" started, possibly as a beginning to a 3.0 release.

Upgrade to PSR-0 and (possibly) namespaces -- I can understand the argument against making 5.3 a requirement (Edit: To carify, the extra adapters do not conform to PSR-0 and are astonishingly annoying to set up autoloading for properly in the context of other projects due to the hard-coded require_once statemnts in HybridAuth.)
Implement some coding standards
Remove all the static usage in favor of real OOP practices
Add official composer/packagist support
Make it overall more friendly for integration with projects and frameworks
Unit tests

Yes, I could fork and just start working on it, but I'd prefer to get upstream support from the project and users so that it can hopefully be a more collaborative effort if there's sufficient interest.

Thoughts?

reconsider implementation of getCurrentUrl() in Hybrid_Auth

getCurrentUrl currently use $_SERVER['SERVER_NAME'] to detect server name, however the variable is not as secure as its name implies, under certain server setup is can either be empty or worse, be populated from $_SERVER['HTTP_HOST'], which is spoofable by client.

see reference:

http://www.php.net/manual/en/reserved.variables.server.php#85759 (comment by Tonin)
http://stackoverflow.com/questions/1459739/php-serverhttp-host-vs-serverserver-name-am-i-understanding-the-ma/

As mentioned in the SO topic, this might open up potential domain rebinding attack, where an attacker first point any spoofing domain to your server IP (so cookie is set under that domain), then change the DNS again to steal cookie (in our case, the oauth token as well).

There are many ways to mitigate this attack vector, but that require server config change where many admin may ignore. My suggestion would be to use the domain in base_url as white list, or add a variable to do filtering.

PS: I discover this when working on my local testing site:

http://hybridauth.sourceforge.net/support.html?place=topic%2Fhybridauth%2F9VVuGl_gMOE%2Fdiscussion

No file error in install script

When you post data to install script, it's tries to open file config.php.tpl, but in my case it wasn't there, so I fixed this with adding $GLOBAL_HYBRID_AUTH_PATH_BASE to the path on 199 line:

$CONFIG_TEMPLATE = file_get_contents( $GLOBAL_HYBRID_AUTH_PATH_BASE."/Hybrid/resources/config.php.tpl" );

Create version branches

Hi,

First of all thanks for your work.

I intend to include your lib into a Symfony2 Bundle, could it be possible to create version branches on github so we can always fetch with git the latest stable release ?

Thanks

Is it possible to change the callback url?

I'm wondering if there is a way that I can change the callback URL for hybridauth? For example:

User hits this url: http://domain.com/auth/
It redirects the user to the auth provider
User accepts / signs in / etc
provider redirects back to: http://domain.com/auth/

What I want to be able to do is specify where the provide should redirect the user back to. Is this possible?

Yandex returns 400

When using Yandex authoriastion it return 400 redirect_uri_mismatch, when &scope= is appended to the URL, and it's appended by default.

The solution is to check for scope being set up in Provider_Model_OAuth2.php

// redirect the user to the provider authentication url
        if (@$this->scope?:0) {
            Hybrid_Auth::redirect( $this->api->authorizeUrl( array( "scope" => $this->scope ) ) ); 
        } else Hybrid_Auth::redirect( $this->api->authorizeUrl( ) ); ```

Composition over Inheritance

I think the providers should implement an interface instead of (or in addition) to extending a core provider class. Testing and Extending your library would become easier.

Custom Exception class and cast methods needed

Hello,

What's plagued me in integrating this since I've started are the lack of cast methods and defined exceptions in the library. Allow me to explain:

Because there is no list of exceptions will happen, I can never plan to handle them correctly until I see them in the wild. Sure, I can catch them, but handling them on a per exception type basis isn't possible. It would make development infinitely less complex to have the exception codes / types stored as constants in a custom exception class, and then those exceptions could not only be planned for, but also the types would show up as code completion options. Here's an example:

class Hybrid_Exception{
const AUTH_SERVICE_FAILURE = 'AUTH_SERVICE_FAILURE';
const CONFIGURATION_ERROR = 'CONFIGURATION_ERROR';
...
}

throw new Hybrid_Exception('The Authorization Service has return: invalid_grant' in ...', Hybrid_Exception::AUTH_SERVICE_FAILURE, $p);

try{
Hybrid_Endpoint::process();
} catch(Hybrid_Exception $E){
switch($E->getCode()){
case Hybrid_Exception::AUTH_SERVICE_FAILURE:
//... handle this case
break;
// ... etc
}
}

Next up, accessing profile data from HA requests. During development, I spend my time dancing between documentation and the IDE. In addition to this annoyance, the interpreter in my IDE can't validate the properties in the objects I'm requesting in any way. Unfortunately, HA breaks proper OOP best practices by failing to encapsulate data properly by allowing public access to private variables. This causes maintainability errors and also gives no feedback to developers as they write code which makes their code more prone to error. What I recommend is that HA can leave these values public, while marking them as deprecated in the code comment blocks, and incorporates an interface or object class which can be used to guarantee access to these getter accessor methods, and that a cast method be put in place so that the returned profile objects can be type cast for development. This would make development much, much more robust and can allow the IDE to sniff out problems that the developer could miss during a code update. It is also trivial in effort to implement.

Here is another example:

class Hybrid_User{
// Code completion support through casting
public static function cast(Hybrid_User $Hybrid_User){ return $Hybrid_User; }
public function getUserProfile(){ return Hybrid_User_Profile::cast($this->profile); }
}

class Hybrid_User_Profile{
// Code completion support through casting
public static function cast(Hybrid_User_Profile $Hybrid_User_Profile){ return $Hybrid_User_Profile; }
// ... then you'd just need the getter / setter methods for the data
}

class Hybrid_Providers_Facebook extends Hybrid_Provider_Model{
// ...
function getUserProfile(){
// ...
return Hybrid_User_Profile::cast($this->user->profile);
}
}

And in the code the developer would write, they would then have code completion options when they called for the getUserProfile() method. Hope this makes sense. I've been writing code this way for ages and it really helps workflow and limits unplanned errors.

Is it only me or everyone getting errors like Authentification failed. The user has canceled the authentication or the provider refused the connection

I tested with google, facebook and twitter. But none of them were working. All throwing errors.

Google:

Once the user click Allow access button it returns

Facebook:

Twitter:

Other PHP warnings

Warning: Illegal string offset 'php_session_id' in C:..\Hybrid\Storage.php on line 30

Warning: Illegal string offset 'version' in C:..\Hybrid\Storage.php on line 30

When session is not yet initialised, it gives this warnings..

You can fix it by adding line before it: if(!is_array($_SESSION["HA::CONFIG"])) $_SESSION["HA::CONFIG"] = array();

Support Twitter oauth/authorize to access direct messages

Twitter changed their API last year so that if we authenticate using oauth/authenticate, we do not have access to the account's direct messages. To do so, we need to authenticate using oauth/authorize.

I think we should add a flag to the configuration so that the Twitter Provider can choose between oauth/authenticate or oauth/authorize.

Hybrid_Providers_Yandex: empty profile

When authenticated with Yandex, I've got almost empty profile, just 'identifier' and 'photoURL' have been filled. Besides photoURL is configured by Hybrid_Providers_Yandex but not returned by yandex.ru site. No displayName, no birthday etc.

does it is a bug with Facebook Provider?

Hello everybody,

Today, I found this very useful library and I would like to thank you all for this project!

Lets talk about the Bug I found today...

As you know Facebook avoid applications under plain http, we must to use HTTPS to let the application runs correctly.

Reading this guide: http://hybridauth.sourceforge.net/userguide/IDProvider_info_Facebook.html I noticed that the callback has http://" instead of https://

We can't use a callback like this, so I used the same URL changing http in https.

(http://www.example.com/social/?hauth.done=Google)

(https://www.example.com/social/?hauth.done=Google)

Facebook saves it, but authentication() method send the request without https so Facebook return me an error because the request and the callback I saved in the control panel do not match.

Is there a method/property to force using https? or is this a issue?

Thank you for the support!

Yahoo and AOL not work in case safe_mode or open_basedir is on

Hi,

It seems that I found a bug: in case safe_mode or open_basedir is on Yahoo and AOL not work.

After some enquiry into the code I found this.

In the file LightOpenID.php there is function "discover" which calls the function "request" in this line:

$headers = $this->request($url, 'HEAD', array(), true);

Inside the function "request" the code branches accoording to the presence of safe_mode or open_basedir:

if (function_exists('curl_init')
            && (!in_array('https', stream_get_wrappers()) || !ini_get('safe_mode') && !ini_get('open_basedir'))
        ) {
            return $this->request_curl($url, $method, $params, $update_claimed_id);
        }
        return $this->request_streams($url, $method, $params, $update_claimed_id);

The function "request_curl" and the function "request_streams" return very different results. The function "request_curl", which runs when safe_mode and open_basedir are off returns correct result for Yahoo:

array(13) {
  ["date"]=>
  string(29) "Tue, 13 Mar 2012 14:26:58 GMT"
  ["location"]=>
  string(29) "http://www.yahoo.com/?s=https"
  ["cache-control"]=>
  string(7) "private"
  ["connection"]=>
  string(10) "keep-alive"
  ["content-type"]=>
  string(24) "text/html; charset=utf-8"
  ["p3p"]=>
  string(209) "policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV""
  ["vary"]=>
  string(22) "Accept,Accept-Encoding"
  ["x-xrds-location"]=>
  string(59) "http://open.login.yahooapis.com/openid20/www.yahoo.com/xrds"
  ["last-modified"]=>
  string(29) "Wed, 09 Nov 2011 15:00:01 GMT"
  ["accept-ranges"]=>
  string(5) "bytes"
  ["content-length"]=>
  string(5) "17590"
  ["age"]=>
  string(1) "0"
  ["server"]=>
  string(10) "YTS/1.20.0"
}

But the function "request_streams" which runs when safe_mode or open_basedir is on returns incorrect results thus preventing to connect with Yahoo:

array(5) {
  ["date"]=>
  string(29) "Tue, 13 Mar 2012 14:31:05 GMT"
  ["location"]=>
  string(29) "http://www.yahoo.com/?s=https"
  ["cache-control"]=>
  string(7) "private"
  ["connection"]=>
  string(5) "close"
  ["content-type"]=>
  string(24) "text/html; charset=utf-8"
}

What might be fix or workaround for this?

Please add Composer support

Hello,

I've just noticed that your library doesn't have support for Composer.
Could you please add the support for it? http://packagist.org/about

Thank you.

Kind regards.

Add an option to set facebook login window type

Hi,

Just wondering if you could add an option for facebook to set 'display' => 'popup'.

Do not block PECL OAuth extension

Many of us cannot modify our php configuration.
We need to code a workaround to not throw an exception when the PECL OAuth extension is installed. There must be a way to simply "not use it" instead blocking.

Facebook user removes app, Hybrid_Providers_Facebook doesn't get proper user access token when trying to add again; infinite redirecting ensues

It only happens in some cases. Facebook redirects back with a valid access_token, but the loginFinish call to $this->api->getAccessToken() returns the application token and not the user token.

Meaning $this->token('access_token') returns application token "[APP_ID]|[SECRET_KEY]" instead of really user access code "AAACEdEose...A8pZBAZDZD" (see line 352 of base_facebook.php)

I was able to patch it two ways.

Method 1: (you have control over, but isn't as clean)

hybridauth/Hybrid/Providers/Facebook.php line 95 change:

$this->token( "access_token", $this->api->getAccessToken() );

TO:

if ( isset($_GET['code']) ) {
$this->token( "access_token", $this->api->getAccessTokenFromCode($_GET['code']) );
} else {
$this->token( "access_token", $this->api->getAccessToken() );
}

Method 2: (in Facebook php sdk library; which you don't have control over)

hybridauth/Hybrid/thirdparty/Facebook/base_facebook.php change:

$access_token = $this->getAccessTokenFromCode($code, '');

TO:

$access_token = $this->getAccessTokenFromCode($code);

Not sure if these are the correct fixes though, since I'm really new to this library. Any ideas?

Notice: Undefined index: HA::STORE

Notice: Undefined index: HA::STORE in vendor\hybridauth\hybridauth\hybridauth\Hybrid\Storage.php on line 43

session_name('');

If you've changed the session name with session_name() function, the hybridauth won't run giving you 'You cannot access this page directly' error.
Please make a note how to fix it in the docs (e.g. place the session_name() call in the hybridauth/index.php)

Notice policy?

Hi! I was trying to get my Windows Live Mail contacts with an email without contacts, and i get a php notice.

The notice:
Notice: Undefined property: stdClass::$error in /home/dev/lib/ext/hybridauth/Providers/Live.php on line 89

The Call stack
#2 Hybrid_Providers_Live->getUserContacts() called at [/home/dev/lib/ext/hybridauth/Provider_Adapter.php:191]
#3 Hybrid_Provider_Adapter->__call()
#4 Hybrid_Provider_Adapter->getUserContacts() called at [/home/dev/modules/hauth/Ctrl/hauthCtrl.class.php:88]

The content of $response in getUserContacts:
object(stdClass)#31 (1) { ["data"]=> array(0) { } }

I've edited Live.php line 88
if ( !$response->data && ( $response->error != 0 ) )
by
if ( !$response->data && ( isset($response->error) && $response->error != 0 ) )

Idem for yahoo

Notice: Undefined property: stdClass::$contact in /home/dev/lib/ext/hybridauth/Providers/Yahoo.php on line 104
#2 Hybrid_Providers_Yahoo->getUserContacts() called at [/home/dev/lib/ext/hybridauth/Provider_Adapter.php:191]
#3 Hybrid_Provider_Adapter->__call()
#4 Hybrid_Provider_Adapter->getUserContacts() called at [/home/dev/modules/hauth/Ctrl/hauthCtrl.class.php:88]

I've edited Yahoo.php line 104:
if ( !$response->contacts->contact && ( $response->errcode != 0 ) )
by
if ( !isset($response->contacts) || !$response->contacts->contact && ( $response->errcode != 0 ) )

For yahoo, the default configuration script make a mistake, i've got an error "Key undefined". We need to replace the "id" by "key" in the config.php where the yahoo id is.

Verify certificate in CURL call

What do you guys think about adding certificate verification to the library (https://dev.twitter.com/docs/security/using-ssl)? This will prevent man in the middle attacks and seems to be quite straight forward to implement:

curl_setopt($connection, CURLOPT_SSL_VERIFYHOST, True);
curl_setopt($connection, CURLOPT_CAINFO, "path:/ca-bundle.crt");

Then we simply need to point to a path containing valid certificates.

FB Login/Registration Web Services

Hi,

I have this simple question on usage of this plugin in Elgg.

Lets say i have an app on iPhone and a web presence too.
User registers using FB on iPhone and i make elgg web service call to create the user.

Now lets say same user comes to web and he uses exact same FB account to login/register to the system.

How can i ensure that plugin reconciles these 2 accounts instead of creating a new one?

Are there any web services exposed for FB, with which i should be creating these new users coming from FB on iPhone?

Expand on differences between hybridauth and opauth

I'm a little new to this realm, and I'm trying to wrap my mind around why there seem to be two different projects with the same aims. Nothing inherently wrong with having two competitors, of course, but very difficult to determine where features or vision or approach might diverge.

Would anyone be able to explain any differences as they see them, and perhaps we could document it somewhere and have both projects link to it? I could open a quora question if that seems like a more neutral ground with better SEO :)

Thanks!

cc'ing recent/top contributors to opauth: @uzyn @sirikkoster @ClayMM @LubosRemplik @pborreli

illegal string offset

using the latest version of PHP, I get this error:
Illegal string offset 'php_session_id'

Hybrid/Storage.php(30)

public function config($key, $value=null) 26 { 27 $key = strtolower( $key ); 28 29 if( $value ){ 30 $_SESSION["HA::CONFIG"][$key] = serialize( $value ); 31 } 32 elseif( isset( $_SESSION["HA::CONFIG"][$key] ) ){ 33 return unserialize( $_SESSION["HA::CONFIG"][$key] ); 34 } 35 36 return NULL; 37 }

I read online that new versions of PHP discourage using keys without quotes?

Request: Add method to Hybrid_Provider_Adapter to export session data per provider

Hello. I have a larger system which handles logins from different libraries and stores each of them in their own record. I've been integrating HyrbidAuth in, however it's built to quickly dump all session data in HA::STORE out instead of just the data associated to the provider in question.

A method to dump out the session data per provider would mean i could keep that abstraction of data in HybridAuth and not in my own code. Would definitely be handy. I don't always want to fire up all the connections every page request.

Thoughts?

Error when serializing exception in php 5.3

In 5.3 this particular statement causes an error Serialization of 'Closure' is not allowed in Storage class when trying to serialize the previous exception instance.

I got it when using OpenID provider for google and on the google page selecting "No thanks" instead of allowing access.

PHP Warnings

Notice: Undefined index: keys in ..\Hybrid\Provider_Model_OAuth2.php on line 56

if ( ! $this->config["keys"]["id"] || ! $this->config["keys"]["secret"] ){

can be fixed with

if ( ! isset($this->config["keys"]["id"]) || ! isset( $this->config["keys"]["secret"])){

One question about persistent sessions

Hello everyone

I have read this part http://hybridauth.sourceforge.net/userguide/HybridAuth_Sessions.html

I have one question though

I checked google's session data. I see refresh token only when the user connected first time. Later sessions doesn't contain refresh tokens.

So Do I have to update session data everytime or first time session data is enough?

Work history and education

Hello,

First of all, congrats on a very useful and well written library. I'd like to contribute by developing a couple of new features we need:

Hybrid_Provider_Model->getUserWorkHistory()
Hybrid_Provider_Model->getUserEducation()

These would work in a similar way to getUserProfile and getUserContacts. The initial implementation will be for Facebook/Linkedin

Sorin

PHP error "Undefined index: proxy" in 2.10 for OpenId and AOL

In config there is no variable "proxy".

Because of this when trying to connect to AOL or OpenId PHP error "Undefined index: proxy" is being outputted for OpenId and AOL.

Adding "proxy" variable to config solves the issue.

getUserActivity() can not return a link/video and comments at the same time (Facebook provider)

In Hybridauth/hybrid/Providers/Facebook.php:

the function getUserActivity() can not return a post with a link/video and comments, only the comment it's return.

if( $item["type"] == "link" ){
$ua->text = (array_key_exists("link",$item))?$item["link"]:"";
}

.......

if( empty( $ua->text ) && isset( $item["message"] ) ){
$ua->text = (array_key_exists("message",$item))?$item["message"]:"";
}

Make Hybridauth mockable

As the title says, currently Hybridauth class is not easily mockable, since the class is declared as final.

Is there any reason for that? Simply removing the word final solves every problem.

nginx + hybrid auth = infinite redirect

Hi, I'm trying to setup hybridauth to work with nginx, but for some reason when I hit the "hello world" example, it just loops inifinitely and nginx stops the redirects. There is some type of redirect feedback loop happening between the server and php.

Do you have any sample web server configuations?

Thanks!

setZendDbAdapter missing in ModuleOptions

If you try to enable
'zend_db_adapter' => 'Zend\Db\Adapter\Adapter' in file scn-social-auth.global.php you get an error because method setZendDbAdapter is missing in ModuleOptions

Updated: I'm sorry I have posted in the wrong git project :/
ignore this post

Can't login via facebook.

Hi
I can't login via facebook.
"Authentification failed. The user has canceled the authentication or the provider refused the connection."

What i doing wrong?

CSRF state token does not match one provided

Hi guys,
sometimes I get this error when users try to login into my website with Facebook. How can I log this? How can I resolve this error?

Thanks,
Oniz

$_SERVER['HTTP_HOST'] contains Port Number

The php variable $_SERVER['HTTP_HOST'] contains a port number of webserver, so if the server configuration is not a default the Hybridauth/Auth.php getCurrentUrl( $request_uri = true ) methood return a bad url. It duplicate the port number in the url. (eg. portNumber = 8808 --> getCurrentUrl returns localhost:8808:8808)

Google Provider

Hi,

in HybridAuth ver 2.0.8, there was no need to register with the goodle api services to authenticate custom websites with Google Auth.

I have tried to upgrade today the version to the newest 2.1.2, but i need now the google api key.

Because I do not want to use google api key because i have various systems on various domains, i would like to stick with the previous system where there was no need for the api key and google just verified it by the domain name..

Is this option still available in 2.1.2, or is this the dead end?

Thank you for the answer

Vkontakte refresh_token bug

Vkontake doesnt provide refresh_token while using OAuth, so method Hybrid_Provider_Model_OAuth2::refreshToken never tries to refresh it.

More than, Vkonkate provides access_token only 1 hour expiration time.

So, if you will try to call Hybrid_Providers_Vkontakte::getUserProfile after 1 hour, it will always throws an exception and never will even try to refresh token or logout.

tumblr problems and write

Hey there,

is there a reason, why tumblr provider does not support posting ?
tumblr API v2 supports it and if the only reason is laziness ;) I would like to contribute it.

For me Tumblr provider did not work, always returns

User profile request failed. Most likely the user is not connected to the provider and he should to authenticate again.

Original error message: User profile request failed! Tumblr returned an error while requesting the user profile.

2-legged OAuth

Is there any way to implement a 2-legged Oauth using for example the Google Provider
https://developers.google.com/accounts/docs/OAuth#GoogleAppsOAuth

Check service case when trying to autenticate

During a deploy on my server I've seen that trying to autenticate via 'twitter' on localhost (mac with case-unsensitive fs) works fine, on remote linux server gives:

Class '\Hybridauth\Provider\twitter\twitterAdapter' not found in /var/www/site/releases/20130301081407/vendor/hybridauth/hybridauth/src/Hybridauth/Adapter/AdapterFactory.php on line 61

so maybe there should be some normalization on the service name?

EDIT: The issue was with the config which had lowercase service names.

Update Live provider to OAuth2

Per: http://msdn.microsoft.com/en-us/library/live/hh243647.aspx

The live connect provider is now available as OAuth2...this will simplify/standardize the way resources are consumed from different providers within HybridAuth (and get rid of the proprietary WRAP implementation)

Support New Provider (SoundCloud)

SoundCloud Docs - authentication

<?php
require_once 'Services/Soundcloud.php';

// create client object with app credentials
$client = new Services_Soundcloud(
  'CLIENT_ID', 'CLIENT_SECRET', 'REDIRECT_URL');

// redirect user to authorize URL
header("Location: " . $client->getAuthorizeUrl());

hybridauth / hybridauth Goto Github PK

hybridauth's Introduction

Hybridauth 3.11

Usage

Requirements

Installation

Versions Status

Questions, Help and Support?

License

hybridauth's People

Contributors

Stargazers

Watchers

Forkers

hybridauth's Issues

Recommend Projects

Recommend Topics

Recommend Org

Jobs