The Complete Magazine on Open Source

HybridAuth: An open source social sign-on library for web applications

, / 655 0


In Web based applications, there are various modules that always require secured authentication. In classical methodology, the registration and logging in to Web applications is integrated using the sign-up and sign-in pages, where the users access the Web services. This article explores HybridAuth, a PHP based open source social sign-on library.

The current trend is to integrate social login credentials. Users can sign-in and access a given Web application with their user name and password for social media sites as well as well-known applications like Google, Facebook, Twitter, LinkedIn, and many others. Thus, a user can create a new account on some websites.
There are many prominent social platforms that provide the APIs to access their authentication services at the back end. Using these services, developers can integrate and call the API code in their login page so that a user can log in with the authentication from a particular site. Thus, there is no need to create a separate account on every website. Such technology is known as social sign-on authentication.
Twitter, Facebook, Google, Yahoo Live, LinkedIn, AOL, MySpace, LiveJournal, QQ, Plurk, WordPress, Paypal, etc, provide social login so that developers can integrate the authentication API in their Web applications.
The advantages of social sign-on include the following:

  • Mapping of the social media account into the other website
  • Fast login without the need to register again on every website
  • Access to the pre-validated account
  • No need to share personal data on every website
  • Linking of user profile and sharing interests
Figure 1

Figure 1: Login page with social sign-on integration

HybridAuth: PHP based open source social sign-on library
HybridAuth is a social sign-on library written in PHP to enable developers to build the login and authentication modules quickly. Using HybridAuth, the user profile, status information, friends lists and social information can be easily fetched using the APIs. These APIs and code modules can be used for back-end authentication from prominent servers including those of Google, Twitter, Facebook, Yahoo, GitHub and many others.
If such services and APIs are integrated in the website, then there is no need to create a separate user name because of the social sign-on modules, which enable signing on using other services.
HybridAuth can be downloaded from the URL
Once the HybridAuth is downloaded, it is placed in the www directory of the WAMP server. If the developer is using XAMPP, the uncompressed directory can be placed in the htdocs folder. After that, the PHP script can be written to call the library of HybridAuth.
HybridAuth is enriched with enormous extensions and plugins, using which third party integration can be done. As HybridAuth is a PHP based library, there is excellent integration for prominent frameworks and content management systems (CMS). These plugins can be downloaded from
The following is a classical sign-in script:

$myconfig = ‘/mylib/config.php’;
require_once( “mylib/Hybrid/Auth.php” );
$myhybridauth = new Hybrid_Auth( $myconfig );
$mytwitter = $myhybridauth->authenticate( “Twitter” );

$mytwitter_user_profile = $mytwitter->getUserProfile();

echo “Connection Successful -> <b>{$mytwitter->id}</b><br />”;
echo “As: <b>{$mytwitter_user_profile->displayName}</b><br />”;
echo “User Identifier <b>{$mytwitter_user_profile->identifier}</b><br />”;

print_r( $mytwitter_user_profile );

$myaccountsettings = $mytwitter->api()->get( ‘account/settings.json’ );

echo “Twitter Account Settings “ . print_r( $myaccountsettings, true );

echo “Logging out..”;
catch( Exception $myexception ){
switch( $myexception->getCode() ){
case 0 : echo “Unspecified error”; break;
case 1 : echo “Configuration error”; break;
case 2 : echo “Provider not configured”; break;
case 3 : echo “Unknown provider”; break;
case 4 : echo “Application credentials not found”; break;
case 5 : echo “Authentification failed. “;
case 6 : echo “User profile not found”
case 7 : echo “User not connected”;
case 8 : echo “Provider does not support this feature.”; break;
echo “<br /><br /><b>Original error message:</b> “ . $e->getMessage();

Fetching a user profile using HybridAuth

To fetch a user profile using HybridAuth, type the following code:

$myhybridauth = new Hybrid_Auth( $myconfig );
$myadapter = $myhybridauth->authenticate( “Twitter” );
$myuser_profile = $myadapter->getUserProfile();
echo “Hello “ . $myuser_profile->displayName;

The following parameters/fields of the user profile can be fetched by using the Hybrid User Profile Object:

Updating user status
To update the user’s status, type the following code:

$myhybridauth = new Hybrid_Auth( $myconfig );
$myadapter = $myhybridauth->authenticate( "Twitter" );
$myadapter->setUserStatus( "Hello" );

For integration with Facebook, extra information can be added, as follows:

$myhybridauth = new Hybrid_Auth( $myconfig );
$myadapter = $myhybridauth->authenticate( "Facebook" );
"message" => "",
"link" => "",
"picture" => "",
Figure 2

Figure 2: HybridAuth website for social login integration

Figure 3

Figure 3: Plugins download and integration page of HybridAuth

Fetching the user’s contacts
To fetch the user’s contacts, use the following code:

$myhybridauth = new Hybrid_Auth( $myconfig );
$myadapter = $myhybridauth->authenticate( "Twitter" );
$myuser_contacts = $myadapter->getUserContacts();
foreach( $myuser_contacts as $mycontact ){
echo $mycontact->displayName . " " . $mycontact->profileURL . "<hr />";

Fields that can be fetched from the Hybrid_User_Contact object are:

  • Identifier (Contact ID)
  • profileURL
  • webSiteURL
  • photoURL
  • displayName
  • description
  • email

With similar implementations, the detailed dataset, profiles, tweets and posts can be fetched for further analysis.