Social Authentication
skyronic edited this page Nov 27, 2014
To enable social authentication in RazorFlow PHP, you can use an existing library called HybridAuth. Limitations of PHP prevent this from being included by default in embedded applications, but it is quite simple to set up yourself.
Build your dashboard, and include it on a page. For example, let `MyDashboard` be a standalone dashboard class. This is the dashboard that will be protected with social authentication.

```php
$db = new MyDashboard();
$db->renderStandalone(); // or $db->renderEmbedded();
```
- Download hybridauth
- Upload this to some folder in your application.
- Include hybridauth using `require '/path/to/hybridauth.php';` in your code
Register an application using the [Registering an application](http://hybridauth.sourceforge.net/userguide/IDProvider_info_Google.html) section provided.
```php
$config = array(
    "base_url" => "http://mywebsite.com/path/to/hybridauth/",
    "providers" => array (
        "Google" => array (
            "enabled" => true,
            "keys" => array ( "id" => "PUT_YOURS_HERE", "secret" => "PUT_YOURS_HERE" ),
            "scope" => "https://www.googleapis.com/auth/userinfo.email",
        )));

$hybridauth = new Hybrid_Auth( $config );
$adapter = $hybridauth->authenticate( "Google" );
$user_profile = $adapter->getUserProfile();
$email = $user_profile->email;

// TODO: Do email validation here.

$db = new MyDashboard();
$db->renderStandalone();
```
Let's say only emails from `razorflow.com` and `example.org` are allowed.
```php
$email = $user_profile->email;
$validation_pass = false; // assume validation fails

// A small utility function to see if one string ends with another
function endsWith($haystack, $needle) {
    // compare the last strlen($needle) characters of $haystack with $needle
    return $needle === "" || (strlen($needle) <= strlen($haystack)
        && substr($haystack, -strlen($needle)) === $needle);
}

$allowed_domains = array('razorflow.com', 'example.org');
foreach($allowed_domains as $domain) {
    // Match "@domain", not just "domain", so that an address at a different
    // domain that merely ends with the same characters is rejected
    if(endsWith($email, '@' . $domain)) {
        $validation_pass = true;
    }
}

$allowed_emails = array('someone@somedomain.com', 'external@vendor.com'); // TODO: Change this
foreach($allowed_emails as $valid_email) {
    if($email === $valid_email) {
        $validation_pass = true;
    }
}

if($validation_pass === false) {
    // Clear the hybridauth session so that the user can log in with another correct ID
    Hybrid_Auth::logoutAllProviders();
    die ("ERROR! Your login is invalid");
}

$db = new MyDashboard();
// render the dashboard here
```
How does this code work:
- It uses the hybridauth library to get the user's email
- It checks whether the email ends with an allowed domain. So `anirudh@razorflow.com` will match `razorflow.com`
- If validation passes, it renders the dashboard. You can also have a logout button that calls `Hybrid_Auth::logoutAllProviders`
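
The allow-list check from the walkthrough above, written as a stand-alone function that compares the whole domain after the `@` instead of a suffix of the address, and run over a few constructed addresses. This is an added example, not part of the original wiki page or of RazorFlow or HybridAuth. The function name `is_allowed_email()` and the sample addresses are assumptions, and the allow-lists are assumed to be stored in lowercase.

```php
<?php
// Added example: is_allowed_email() and all sample addresses are constructed
// for illustration; allow-list entries are assumed to be lowercase.
function is_allowed_email($email, array $allowed_domains, array $allowed_emails) {
    if (!is_string($email)) {
        return false;
    }
    $email = strtolower(trim($email));

    // Require exactly one "@" with a non-empty local part and domain
    $at = strrpos($email, '@');
    if ($at === false || $at === 0 || $at === strlen($email) - 1
        || substr_count($email, '@') !== 1) {
        return false;
    }
    $domain = substr($email, $at + 1);

    // Compare the whole domain, never a suffix of the address:
    // "notrazorflow.com" and "razorflow.com.example.net" must both fail.
    if (in_array($domain, $allowed_domains, true)) {
        return true;
    }
    // Individually approved external addresses
    return in_array($email, $allowed_emails, true);
}

$allowed_domains = array('razorflow.com', 'example.org');
$allowed_emails  = array('external@vendor.com');

// Constructed inputs => expected decision
$cases = array(
    'anirudh@razorflow.com'          => true,
    'Someone@Example.ORG'            => true,  // domain compared case-insensitively
    'external@vendor.com'            => true,  // listed individually
    'user@notrazorflow.com'          => false, // plain suffix match would accept this
    'user@razorflow.com.example.net' => false, // allowed name is only a prefix
    'razorflow.com'                  => false, // not an address at all
    'other@vendor.com'               => false, // vendor.com is not an allowed domain
);

foreach ($cases as $email => $expected) {
    $actual = is_allowed_email($email, $allowed_domains, $allowed_emails);
    printf("%-32s %-6s %s\n", $email, $actual ? 'allow' : 'deny',
        $actual === $expected ? 'ok' : 'MISMATCH');
}
```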