In Web-based applications, many modules require secure authentication. Classically, registration and login are handled by sign-up and sign-in pages through which users access the Web services. This article explores HybridAuth, a PHP-based open source social sign-on library.
The current trend is to integrate social login credentials. Users can sign in and access a given Web application with their user name and password for social media sites as well as well-known applications like Google, Facebook, Twitter, LinkedIn, and many others. In this way, a user can create a new account on some websites.
There are many prominent social platforms that provide the APIs to access their authentication services at the back end. Using these services, developers can integrate and call the API code in their login page so that a user can log in with the authentication from a particular site. Thus, there is no need to create a separate account on every website. Such technology is known as social sign-on authentication.
Twitter, Facebook, Google, Yahoo Live, LinkedIn, AOL, MySpace, LiveJournal, QQ, Plurk, WordPress, PayPal, etc., provide social login so that developers can integrate the authentication API in their Web applications.
The advantages of social sign-on include the following:
- Mapping of the social media account into the other website
- Fast login without the need to register again on every website
- Access to the pre-validated account
- No need to share personal data on every website
- Linking of user profile and sharing interests
HybridAuth: PHP based open source social sign-on library
HybridAuth is a social sign-on library written in PHP to enable developers to build the login and authentication modules quickly. Using HybridAuth, the user profile, status information, friends lists and social information can be easily fetched using the APIs. These APIs and code modules can be used for back-end authentication from prominent servers including those of Google, Twitter, Facebook, Yahoo, GitHub and many others.
If such services and APIs are integrated in the website, then there is no need to create a separate user name because of the social sign-on modules, which enable signing on using other services.
HybridAuth can be downloaded from the URL https://github.com/hybridauth/hybridauth/releases.
Once HybridAuth is downloaded, it is placed in the www directory of the WAMP server. If the developer is using XAMPP, the uncompressed directory can be placed in the htdocs folder. After that, a PHP script can be written to call the HybridAuth library.
HybridAuth comes with a large number of extensions and plugins for third-party integration. As HybridAuth is a PHP-based library, it integrates well with prominent frameworks and content management systems (CMS). These plugins can be downloaded from http://hybridauth.sourceforge.net/plugins.html.
The following is a classical sign-in script:
```php
<?php
session_start();

// Configuration file and library entry point, relative to this script
$myconfig = dirname(__FILE__) . "/mylib/config.php";
require_once( "mylib/Hybrid/Auth.php" );

try {
    $myhybridauth = new Hybrid_Auth( $myconfig );

    // Redirects to Twitter if the user is not yet authenticated
    $mytwitter = $myhybridauth->authenticate( "Twitter" );
    $mytwitter_user_profile = $mytwitter->getUserProfile();

    // Profile fields come from the provider, so encode them before writing HTML
    echo "Connection Successful -> <b>{$mytwitter->id}</b><br />";
    echo "As: <b>" . htmlspecialchars( $mytwitter_user_profile->displayName ) . "</b><br />";
    echo "User Identifier <b>" . htmlspecialchars( $mytwitter_user_profile->identifier ) . "</b><br />";
    echo htmlspecialchars( print_r( $mytwitter_user_profile, true ) );

    // Call the provider API directly through the adapter
    $myaccountsettings = $mytwitter->api()->get( "account/settings.json" );
    echo "Twitter Account Settings " . htmlspecialchars( print_r( $myaccountsettings, true ) );

    echo "Logging out..";
    $mytwitter->logout();
}
catch( Exception $myexception ) {
    // HybridAuth reports the failure reason through the exception code
    switch( $myexception->getCode() ) {
        case 0 : echo "Unspecified error"; break;
        case 1 : echo "Configuration error"; break;
        case 2 : echo "Provider not configured"; break;
        case 3 : echo "Unknown provider"; break;
        case 4 : echo "Application credentials not found"; break;
        case 5 : echo "Authentication failed."; break;
        case 6 : echo "User profile not found";
                 $mytwitter->logout();
                 break;
        case 7 : echo "User not connected";
                 $mytwitter->logout();
                 break;
        case 8 : echo "Provider does not support this feature."; break;
    }
    echo "<br /><br /><b>Original error message:</b> " . htmlspecialchars( $myexception->getMessage() );
}
```
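The script above loads its settings from config.php, which the article does not show. The following is an added example (not from the original article or the HybridAuth project) of a configuration file in the HybridAuth 2.x array format; the URL and the environment variable names are placeholders, and reading the keys from the environment rather than hard-coding them is an assumption about the deployment.

```php
<?php
// mylib/config.php (added example; URL and variable names are placeholders)
return array(
    // Endpoint the providers redirect back to; serve it over HTTPS.
    "base_url" => "https://example.com/mylib/",

    "providers" => array(
        "Twitter" => array(
            "enabled" => true,
            // Application credentials stay out of the source tree.
            "keys" => array(
                "key"    => getenv( "TWITTER_CONSUMER_KEY" ),
                "secret" => getenv( "TWITTER_CONSUMER_SECRET" ),
            ),
        ),
        "Facebook" => array(
            "enabled" => true,
            "keys" => array(
                "id"     => getenv( "FACEBOOK_APP_ID" ),
                "secret" => getenv( "FACEBOOK_APP_SECRET" ),
            ),
            // Request only the permissions the application needs.
            "scope" => "email",
        ),
    ),

    // Debug logging records authentication traffic; keep it off in production.
    "debug_mode" => false,
    "debug_file" => "",
);
```

A provider that is missing from this array or has "enabled" set to false leads to the "Provider not configured" branch of the sign-in script, and empty keys lead to "Application credentials not found".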
Fetching a user profile using HybridAuth
To fetch a user profile using HybridAuth, type the following code:
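```php
$myhybridauth = new Hybrid_Auth( $myconfig );
$myadapter = $myhybridauth->authenticate( "Twitter" );

// Fetch the normalized profile object for the connected user
$myuser_profile = $myadapter->getUserProfile();

// displayName is provider-supplied; encode it before writing HTML
echo "Hello " . htmlspecialchars( $myuser_profile->displayName );
```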
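Once the profile has been fetched, the application usually has to map it to one of its own accounts. The following is an added example (not from the original article or the HybridAuth project) of one way to do that; the table layout, the function names and the sample profile are assumptions, and a constructed object stands in for the result of getUserProfile().

```php
<?php
// Added example: link a social profile to a local account record.
// Table layout, function names and the sample profile are assumptions.

function e($value): string {
    // Provider-supplied fields are untrusted input; encode before writing HTML.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

function findOrCreateLocalUser(PDO $db, string $provider, object $profile): int {
    $identifier = (string) ($profile->identifier ?? '');
    if ($identifier === '') {
        throw new RuntimeException('Provider returned no identifier');
    }
    // Key on (provider, identifier): an identifier is unique only within one
    // provider, and displayName can be changed by the user at any time.
    $sel = $db->prepare('SELECT id FROM users WHERE provider = ? AND identifier = ?');
    $sel->execute([$provider, $identifier]);
    $id = $sel->fetchColumn();
    if ($id !== false) {
        return (int) $id;
    }
    $ins = $db->prepare(
        'INSERT INTO users (provider, identifier, display_name) VALUES (?, ?, ?)');
    $ins->execute([$provider, $identifier, (string) ($profile->displayName ?? '')]);
    return (int) $db->lastInsertId();
}

// In-memory SQLite keeps the example offline (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, provider TEXT NOT NULL,
    identifier TEXT NOT NULL, display_name TEXT, UNIQUE (provider, identifier))');

// Constructed stand-in for the object returned by getUserProfile().
$profile = (object) ['identifier' => '12345', 'displayName' => '<b>Alice</b>'];

$first = findOrCreateLocalUser($db, 'Twitter', $profile);
$again = findOrCreateLocalUser($db, 'Twitter', $profile);   // existing row reused
$other = findOrCreateLocalUser($db, 'Facebook', $profile);  // separate account

// After a successful login, rotate the session ID before storing the user.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}
$_SESSION['user_id'] = $first;

echo 'Hello ' . e($profile->displayName) . "\n";
var_dump($first === $again, $first !== $other);
```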
The following parameters/fields of the user profile can be fetched by using the Hybrid User Profile Object:
Updating user status
To update the user's status, type the following code:
```php
$myhybridauth = new Hybrid_Auth( $myconfig );
$myadapter = $myhybridauth->authenticate( "Twitter" );

// Post a status update on behalf of the connected user
$myadapter->setUserStatus( "Hello" );
```
For integration with Facebook, extra information can be added, as follows:
```php
$myhybridauth = new Hybrid_Auth( $myconfig );
$myadapter = $myhybridauth->authenticate( "Facebook" );

// Facebook accepts an array with additional fields
$myadapter->setUserStatus(
    array(
        "message" => "",
        "link"    => "",
        "picture" => "",
    )
);
```
Fetching the user's contacts
To fetch the user's contacts, use the following code:
```php
$myhybridauth = new Hybrid_Auth( $myconfig );
$myadapter = $myhybridauth->authenticate( "Twitter" );

// Returns a list of Hybrid_User_Contact objects
$myuser_contacts = $myadapter->getUserContacts();

foreach( $myuser_contacts as $mycontact ) {
    // Contact fields are provider-supplied; encode them before writing HTML
    echo htmlspecialchars( $mycontact->displayName ) . " "
       . htmlspecialchars( $mycontact->profileURL ) . "<hr />";
}
```
Fields that can be fetched from the Hybrid_User_Contact object are:
- Identifier (Contact ID)
- profileURL
- webSiteURL
- photoURL
- displayName
- description
With similar implementations, the detailed dataset, profiles, tweets and posts can be fetched for further analysis.