User Authentication
If you’re new to Hybridauth, you may want to start with the Introduction to get a general overview of the library and its basic usage. This section will tackle user authentication in more detail.
User Authentication:
In the following example we’ll demonstrate how to sign in a user with Google and how to retrieve their profile using Hybridauth in 4 simple steps. In addition we’ll discuss all possible configuration parameters, required or otherwise.
/** * 1. Build the adapter configuration array */ $config = [ /** * Required: Callback URL * * The callback url is the location where a provider (Google in this case) will redirect the use once they * authenticate and authorize your application. * * For this example we choose to come back to this same script, however in your project you'll have to you need to * replace it with the valid url to yours. * * For convenience, Hybridauth provides an utility function `Hybridauth\HttpClient\Util::getCurrentUrl()` that can * generate the current page url for you and you can use it for the callback. */ 'callback' => 'http://localhost/path/to/this/script.php', /** * Required*: Application credentials * * A set of keys used by providers to identify your website and only required by those using OAuth 1 and OAuth 2. To acquire * these you'll have to register an application on provider's site. In the case of Google for instance you can refer to * https://support.google.com/cloud/answer/6158849 */ 'keys' => [ 'id' => 'your-google-client-id', 'secret' => 'your-google-client-secret' ], /** * Optional: Custom Scope * * Providers using OAuth 2 will requires to know the scope of the authorization a user is going to give to your * application, and Hybridauth's adapters will request a limited scope by default, however you may specify a custom * value to overwrite default ones. */ 'scope' => 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email', /** * Optional: Custom Provider's API end points * * Hybridauth allows you to overwrite all the provider's API end point, which might be useful in some cases like when * there is a need to use a different API version for example. */ 'endpoints' => [ 'api_base_url' => 'https://www.googleapis.com/plus/v1/', 'authorize_url' => 'https://accounts.google.com/o/oauth2/auth', 'access_token_url' => 'https://accounts.google.com/o/oauth2/token', ], /** * Optional: Custom Provider's Authorize Url Parameters * * Certain providers enables you to customize the authorization url which you can optionality pass in adapter's config * as an associative array. */ 'authorize_url_parameters' => [ 'approval_prompt' => 'force', 'access_type' => 'offline', 'hd' => .., 'state' => .., // And so on. ], /** * Optional: Debug Mode * * The debug mode is set to false by default, however you can rise its level to either 'info', 'debug' or 'error'. * * debug_mode: false|info|debug|error * debug_file: Path to file writeable by the web server. Required if only 'debug_mode' is not false. */ 'debug_mode' => false, 'debug_file' => __FILE__ . '.log', /** * Optional: CURL Settings * * For more information, refer to: http://www.php.net/manual/function.curl-setopt.php */ 'curl_options' => [ // Set a custom certificate CURLOPT_SSL_VERIFYPEER => true, CURLOPT_CAINFO => '/path/to/your/certificate.crt', // Set a valid proxy address CURLOPT_PROXY => '8.8.8.8', // Set a custom user agent CURLOPT_USERAGENT => 'User Agent String' // And so on. ] ]; /** * 2. Instantiate Google adapter using the configuration array we built */ $adapter = new Hybridauth\Provider\Google($config); /** * 3. Sign in a user with Google * * Hybridauth will attempt to negotiate with the Google api and authenticate the user. * This call will basically do one of 3 things... * 1) Redirect (with exit) away to show an authentication screen for a provider (e.g. Facebook's OAuth confirmation page) * 2) Finalize an incoming authentication and store access data in a session * 3) Confirm a session exists and do nothing * If for whatever reason the process fails, Hybridauth will then throw an exception. * * Note that if the user is already authenticated, then any subsequent call to this method will be ignored. */ $adapter->authenticate(); /** * Retrieve OAuth 1 / OAuth 2 Access Tokens * * These access tokens can be stored to database and later used to restore user's session. */ $accessToken = $adapter->getAccessToken(); /** * 4. Perform actions in behalf of connected user * * At this point the authentication process has succeeded, and we can proceed with our application logic. For example we may * attempt to retrieve the user profile. */ $userProfile = $adapter->getUserProfile();
Authenticating User Using Access Tokens
Authenticating a user using access tokens is a similar to normal way of signing in users except for step 3 where we’ll feed the adapter the said tokens instead of redirecting the user to provider’s website for authentication/authorization.
/** * 1. Build the adapter configuration array */ $config = [ /** * Location where to redirect users once they authenticate with Google */ 'callback' => 'http://localhost/path/to/this/script.php', /** * Your Google application credentials */ 'keys' => ['id' => 'your-google-client-id', 'secret' => 'your-google-client-secret'], ]; /** * 2. Instantiate Google adapter using the configuration array we built */ $adapter = new Hybridauth\Provider\Google($config); /** * 3. Restore OAuth 1 / OAuth 2 Access Tokens * * Instead of calling `Adapter::authenticate()` as we'd normally do, here we simply feed the adapter any stored access tokens * we have. In case the access tokens we used has been revoked or expired, the provider's will reject the connection, and * Hybridauth will throw an exception. * * Note that these tokens should be the same format and content returned by `Adapter::getAccessToken()` */ $adapter->setAccessToken($accessToken); /** * 4. Perform actions in behalf of connected user * * For example we may go ahead and attempt to retrieve the user profile. */ $userProfile = $adapter->getUserProfile();