HybridAuth: OAuth and OpenID made easy
23 March 2012
Social media integration is becoming more and more common on websites these days. Visitors want to be able to log in using their Facebook, Google and Twitter accounts and site owners want to give their visitors the possibility to tell other people about their site on these social media.
Implementing these possibilities on your website requires knowledge of the OpenID and OAuth protocols, as well as of the places where each site deviates from the standard. Once you start programming it, the code tends to become a lot of copy-paste work with only small differences, which doesn’t make your code very clear.
As with a lot of programming problems there is a free, open-source solution: HybridAuth. HybridAuth tries to take away all specifics of the separate social media sites and gives you a generic way of authenticating users to these sites while also providing API access where applicable.
I think things like this are usually better explained with a piece of code (the code is inspired by examples from the HybridAuth website):
```php
<?php
// This config contains things like tokens and which providers are enabled
$config = dirname(__FILE__) . '/library/config.php';
require_once './library/Hybrid/Auth.php';

try {
    $hybridauth = new Hybrid_Auth($config);
    /*
     * When the user is not authenticated this redirects that user to the Twitter authentication page.
     * Twitter then sends the user back to this page.
     * If the user is already authenticated it simply goes on to the next line of code.
     */
    $provider = $hybridauth->authenticate('Twitter');
    // getUserProfile() is available for every "provider" and contains basic information
    // like the displayName and, where allowed by the user, the e-mail address
    $user_profile = $provider->getUserProfile();
    // displayName is chosen by the user at the provider, so escape it before output
    echo 'Hi there! ' . htmlspecialchars($user_profile->displayName, ENT_QUOTES, 'UTF-8');
    // This is an example of API access; this specific function (setUserStatus()) is available in more providers
    $provider->setUserStatus('Hello world!');
    // You can also directly call the API of a provider by using $provider->api()
    $account_totals = $provider->api()->get('account/totals.json');
    // getUserContacts() is available in most providers, and does what it says: it gets the user's friends/contacts
    $user_contacts = $provider->getUserContacts();
} catch (Exception $e) {
    echo 'Ooops, we got an error: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
?>
```
Now what if we want to do exactly the same, but for Facebook? That’s actually quite simple: the ONLY line we have to edit is the line that says:
```php
$provider = $hybridauth->authenticate('Twitter');
```
and change it to
```php
$provider = $hybridauth->authenticate('Facebook');
```
It really is that simple.
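Because the provider is only a string, sites that offer several login buttons usually take it from the request. The following is an added example, not code from the original post or from the HybridAuth project: it restricts that string to an allow-list before it reaches authenticate() and keys the local account on the provider plus the profile's identifier field rather than on displayName or e-mail. The function names, the allow-list contents and the `provider` query parameter are assumptions.

```php
<?php
// Added example; resolve_provider(), local_account_key() and login_with() are hypothetical helpers.

// Map a request-supplied provider name onto one of our own canonical IDs, or null.
function resolve_provider($requested, array $allowed)
{
    if (!is_string($requested)) {
        return null; // e.g. ?provider[]=x arrives as an array
    }
    foreach ($allowed as $id) {
        if (strcasecmp($id, $requested) === 0) {
            return $id; // hand HybridAuth our own string, never the raw input
        }
    }
    return null;
}

// Key for the local account: provider ID plus the provider's own user identifier.
// displayName and e-mail can be changed by the user at the provider, so they are not used as keys.
function local_account_key($providerId, $profile)
{
    if (!isset($profile->identifier) || (string) $profile->identifier === '') {
        throw new UnexpectedValueException('Profile has no identifier');
    }
    return $providerId . ':' . $profile->identifier;
}

// $hybridauth is a Hybrid_Auth instance created as in the example above.
function login_with($hybridauth, $requested, array $allowed)
{
    $providerId = resolve_provider($requested, $allowed);
    if ($providerId === null) {
        return null; // unknown provider: show the login page again, do not redirect
    }
    $profile = $hybridauth->authenticate($providerId)->getUserProfile();
    return array(
        'key'  => local_account_key($providerId, $profile),
        'name' => htmlspecialchars((string) $profile->displayName, ENT_QUOTES, 'UTF-8'),
    );
}

// Usage (assumed request parameter and allow-list):
// $requested = isset($_GET['provider']) ? $_GET['provider'] : null;
// $login = login_with(new Hybrid_Auth($config), $requested, array('Twitter', 'Facebook'));
```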
But does HybridAuth only support Facebook, Twitter and Google then? No, it supports way more. A list of all supported providers as of 23 March 2012:
- OpenID
- Yahoo
- MySpace
- Windows Live
- Foursquare
- AOL
And there is even an additional providers package available for download which adds support for:
- Github
- Gowalla
- LastFM
- Vimeo
- Viadeo
- Identica
- Tumblr
- Goodreads
- Sina
- Murmur
- Pixnet
- Plurk
That is 23 different providers (counting OpenID as only 1 provider, even though multiple sites support it). And even if you want your visitors to be able to log in using another provider, it’s quite simple to add support for that, especially if that provider has OAuth support.
So does this HybridAuth library also have disadvantages?
The answer to that is: yes. But that doesn’t mean the library is useless. The biggest disadvantages I’ve found are:
- If you plan to use it in a framework or CMS that abstracts, for example, the $_SESSION variable, it requires more fiddling than it seems at first sight to get it working. Even though there is a Storage class which you can easily edit to use something other than $_SESSION, the Storage class is not always used for storage; sometimes $_SESSION is hardcoded.
- There are some small bugs that can still be quite annoying, and since the library seems to be largely maintained by one person it can take some time before the bug is solved in the main release.
For me these disadvantages don’t weigh up to the advantages. And if they don’t for you: just make a pull request at the Github page and fix it.
If you want to know more about HybridAuth you can visit the website: http://hybridauth.sourceforge.net/, which also has some documentation on how to use it.
MySQL performance nightmares: Solr to the rescue
11 May 2011
For almost a year we have worked very hard on a huge project: Oneindig Noord-Holland. In case you were wondering why it’s been a bit quiet from my side: That’s why.
One of the key features of this website was its search feature. It’s going to be a huge collection of items of different types: stories, events, news, profiles, images, videos and a lot more… All these types of items can have the same properties: title, author, description, tags, dates, date ranges, specific locations, location areas and links to other items. These items can also have content which contains text, images, videos, links to other items and more. As a visitor you need to be able to work your way through all these items and that’s where the search comes in.
Betatest: Beating formspam with brandnew SpamBeetle
18 January 2011
Brand-new form spam killer is ready for beta testing.
For a few years now triptic has been acquainted with the guys of onlinespamfilter.nl. Onlinespamfilter.nl promises their clients to get rid of e-mail spam within 24 hours. The guys at onlinespamfilter.nl have built an ingenious filtering system that will recognise well over 99% of all spam. And it works! So when the developers at triptic were working on some of our clients’ weblogs, trying to get rid of form spam, we discussed this issue with Gerard and Jasper at onlinespamfilter.nl. We talked about using the powerful spam filter combined with an API, in order to get rid of form spam in much the same way as getting rid of e-mail spam.
As you might know, if you’re a blogger for instance, form spam can be a drag. Your blog makes it possible for people to post comments. That’s what makes your blog lively. Yeah! Sadly, spambots can also find their way to your comment box. Result: you have to work your way through hundreds of irrelevant comments before you get to that one intelligent comment made by a designated reader. There is a “solution”. Of course! Just let readers type an unidentifiable series of letters, numbers and dollar signs in a small box and all will be fine. <Not>.
So, the task before us seemed easy enough. Together we had to come up with something clever. And we did! As a result you can now beta-test our form spam killer. We lovingly call her SpamBeetle. SpamBeetle is available as a WordPress plugin. Little as she may be, she will beat the hell out of spam. Want to try it for yourself? Send an e-mail to let us know that you want to be one of our beta testers. We’ll send you all the information and APIs you need.
Moving wordpress using the ezmigrate plugin
29 March 2010
Following up on my rather complex post about how the ezmigrate plugin came to life, this will be a simpler tutorial-style post in which I will explain how to actually use the ezmigrate plugin to move or migrate your WordPress installation.
Simulating closures in php versions prior to php 5.3
28 March 2010
Now that PHP 5.3 has closure and lambda function support, we all would like to use it. However, not all of us are able to do so because we are still stuck with hosting providers not able or willing to upgrade to PHP 5.3. Wanting to use closures myself on servers that only support PHP 5.2 I came up with a solution to be able to use closures in PHP 5 versions prior to 5.3:
ezMigrate plugin for WordPress
3 March 2010
While setting up a development environment last month for an extensive blog using WordPress I once more encountered a problem which I ran up against every single time I had worked with WordPress. The absolute urls stored in constants, options and post contents got in my way again. Now it was the time to find a solution for this and take matters into my own hands.

