smarcombes / hybridauth Goto Github PK
View Code? Open in Web Editor NEWA fork of project HybridAuth @ sourceforge
Home Page: http://hybridauth.sourceforge.net/
hybridauth's People
Stargazers
Watchers
hybridauth's Issues
Twitter must re-authorize
Everything looks good as far as I can tell with the app setup, but hybridauth seeks reauthorization on every login attempt. I suspect either a problem with the provider 3rd party file versions compared to the latest API, or some session management issues.
No access token for providers
Smarcombes -
Opening this to track the lack of access tokens across the library and to contribute what might help the effort...
I think it's great you managed to get the access token returned for the Facebook provider and we need this for al providers. I was working on the same thing from the sourceforge code, but took a different much more hacked up approach that you may find useful for some of the providers.
I captured the access token in the return session data for at least linkedin, facebook, and twitter by adding this to endpoint.php
…
try
{
Hybrid_Logger::debug( "Call [{$hauth->adapter->providerId}]::loginFinish(), received http request", $_REQUEST );
Hybrid_Auth::storage()->set( "hauth_session.return_request", $_REQUEST );
$hauth->adapter->loginFinish();
}
…
Then in each of provider scripts (test scripts) I simply add this to return the resulting array which exposes the access token and other possibly useful results.
<?php print json_encode(Hybrid_Auth::storage()->get( "hauth_session.return_request")); ?>
Perhaps this information can be revealed in a consistent way much like the profile information is returned with $provider_adapter->user(), maybe with some sort of mapping file that tells how each provider labels the token and supporting info in the $_REQUEST result? BTW - I'm unclear on the nature of this array… I mean I know it comes from the provider, but is it as GET , POST, or COOKIE? (I'm a bit of a PHP noob as you can tell).
Clearly your approach is much better since you're using the actual API. I just wonder if each API will make the access token and other credentials available via the api, or expect request token/secret use for every call...research should reveal that I guess.
One final question - Being new to the oAuth game, can we use the same access token for different end clients... in other words, store them on the server database and reuse no matter where the user logs in from in the future?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.