Social Authentication

skyronic edited this page Nov 27, 2014 · 1 revision

If you want to enable social authentication in RazorFlow PHP, you can do it with an existing library called HybridAuth. Limitations of PHP prevent this from being included by default in embedded applications, but it is simple to set up yourself.

Step 1: Build your dashboard

Build your dashboard and include it on a page. For example, let MyDashboard be a standalone dashboard class. This is the dashboard that will be protected with social authentication.

    $db = new MyDashboard();

    $db->renderStandalone(); // or $db->renderEmbedded();

Step 2: Install and include HybridAuth

  1. Download hybridauth
  2. Upload this to some folder in your application.
  3. Include hybridauth using require '/path/to/hybridauth.php'; in your code

Step 3: Create a Google OAuth application and get the keys

Register an application by following the [Registering an application](http://hybridauth.sourceforge.net/userguide/IDProvider_info_Google.html) section of the HybridAuth user guide.

Step 4: Configure hybridauth, and get the user's email

    require '/path/to/hybridauth.php'; // the file uploaded in Step 2

    $config = array(
      // Prefer an https:// base_url so the OAuth callback is not sent in cleartext
      "base_url" => "http://mywebsite.com/path/to/hybridauth/",
      "providers" => array (
        "Google" => array (
          "enabled" => true,
          "keys"    => array ( "id" => "PUT_YOURS_HERE", "secret" => "PUT_YOURS_HERE" ),
          // Request only the email address
          "scope"   => "https://www.googleapis.com/auth/userinfo.email",
    )));

    // Send the user through Google sign-in and read the profile
    $hybridauth = new Hybrid_Auth( $config );
    $adapter = $hybridauth->authenticate( "Google" );
    $user_profile = $adapter->getUserProfile();
    $email = $user_profile->email;

    // TODO: Do email validation here.

    $db = new MyDashboard();

    $db->renderStandalone();

Step 5: Validate the email.

Allow only emails from particular domains

Let's say only emails from razorflow.com and example.org are allowed.

    // Lowercase the address so the comparisons below are case-insensitive
    $email = strtolower((string) $user_profile->email);
    $validation_pass = false; // assume validation fails

    // A small utility function to see if one string ends with another
    function endsWith($haystack, $needle) {
        // compare the last strlen($needle) characters of the haystack with the needle
        return $needle === "" || substr($haystack, -strlen($needle)) === $needle;
    }

    $allowed_domains = array('razorflow.com', 'example.org');
    foreach($allowed_domains as $domain) {
        // Match on "@domain" so that a different domain which merely ends with
        // an allowed name (for example user@notrazorflow.com) is rejected
        if(endsWith($email, '@' . $domain)) {
              $validation_pass = true;
        }
    }

    // Keep these entries in lowercase, since $email was lowercased above
    $allowed_emails = array('someone@somedomain.com', 'external@vendor.com'); // TODO: Change this
    foreach($allowed_emails as $valid_email) {
         if($email === $valid_email) {
              $validation_pass = true;
         }
    }

    if($validation_pass === false) {
         // Clear the hybridauth session so that the user can log in with another correct ID
         Hybrid_Auth::logoutAllProviders();
         die ("ERROR! Your login is invalid");
    }

    $db = new MyDashboard();
    // render the dashboard here

How this code works:

  1. It uses the hybridauth library to get the user's email.
  2. It checks whether the email ends with an allowed domain, so anirudh@razorflow.com matches razorflow.com. Addresses in the allowed emails list are also accepted.
  3. If validation passes, it renders the dashboard. You can also add a logout button that calls Hybrid_Auth::logoutAllProviders.
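
The Step 5 check packaged as one function, as an added example (not code from the original page, RazorFlow or HybridAuth): it compares the whole domain after the last "@" against the allowlist, so a domain that merely ends with an allowed name is rejected, and it runs over constructed addresses. The function name isEmailAllowed and the sample inputs are assumptions.

```php
<?php
// Added example; isEmailAllowed and the sample addresses are hypothetical.

// Returns true only if $email is an exactly listed address, or its domain
// (everything after the last "@") exactly equals an allowed domain.
// Both lists are expected in lowercase.
function isEmailAllowed($email, array $allowed_domains, array $allowed_emails) {
    if (!is_string($email)) {
        return false; // the provider returned no email
    }
    $email = strtolower(trim($email));

    // Reject anything that is not one syntactically valid address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    if (in_array($email, $allowed_emails, true)) {
        return true;
    }
    // Compare the whole domain, not a suffix of the string.
    $domain = substr($email, strrpos($email, '@') + 1);
    return in_array($domain, $allowed_domains, true);
}

$allowed_domains = array('razorflow.com', 'example.org');
$allowed_emails  = array('someone@somedomain.com', 'external@vendor.com');

// Constructed sample inputs and the decision expected for each.
$cases = array(
    'anirudh@razorflow.com'   => true,  // allowed domain
    'Anirudh@RazorFlow.com'   => true,  // comparison is case-insensitive
    'external@vendor.com'     => true,  // exactly listed address
    'user@notrazorflow.com'   => false, // ends with "razorflow.com", different domain
    'user@razorflow.com.test' => false, // allowed name is only a prefix of the domain
    'user@mail.razorflow.com' => false, // subdomains are not implied
    'razorflow.com'           => false, // no "@" at all
    ''                        => false, // empty profile email
);

foreach ($cases as $input => $expected) {
    $actual = isEmailAllowed($input, $allowed_domains, $allowed_emails);
    printf("%-24s %-5s %s\n", $input === '' ? '(empty)' : $input,
        $actual ? 'allow' : 'deny', $actual === $expected ? 'ok' : 'MISMATCH');
}
```

If subdomains such as mail.razorflow.com should be accepted, list each one in $allowed_domains rather than loosening the comparison.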