HybridAuth, open source social sign on for Facebook, Twitter, MySpace, LinkedIn, Google, Yahoo and etc

HybridAuth, Yii component version, enable developers to easily build social applications to engage websites vistors and customers on a social level by implementing social signin, social sharing, users profiles, friends list, activities stream, status updates and more.


  • Yii 1.1 or above
  • Browsers support CSS3


  • Extract 'hybridAuth' folder to protected/extensions/widgets.


Configure the components property of the application instance protected/config/main.php as following. Detail of HybridAuth configuration options, please refer to HybridAuth Configuration

            'enabled'=>true, // enable or disable this component
                 "base_url" => "", 
                 "providers" => array(
                       "Google" => array(
                            "enabled" => false,
                            "keys" => array("id" => "", "secret" => ""),
                       "Facebook" => array(
                            "enabled" => true,
                            "keys" => array("id" => "##", "secret" => "##"),
                       "Twitter" => array(
                            "enabled" => false,
                            "keys" => array("key" => "", "secret" => "")
                 "debug_mode" => false,
                 "debug_file" => "",
         ),//end hybridAuth
     ),//end components

Setup, code preparation.

By referring the previous section

"base_url" => "",

As the base_url suggest, create a HybridauthController.php in protected/modules/user/controllers/HybridauthController.php to process the hybridauth API.

Sample code of HybridauthController.php

class HybridauthController extends Controller{
    public $defaultAction='authenticate';
    public $debugMode=true;
    // important! all providers will access this action, is the route of 'base_url' in config
    public function actionEndpoint(){
    public function actionAuthenticate($provider='Facebook'){
        if(!Yii::app()->user->isGuest || !Yii::app()->hybridAuth->isAllowedProvider($provider))
            $socialUser = Yii::app()->hybridAuth->getAdapterUserProfile($provider);
                // find user from db model with social user info
                $user = User::model()->findBySocial($provider, $socialUser->identifier);
                    // if not exist register new user with social user info.
                    $model = new User('register');
                    $model->social_provider = $provider;
                    $model->social_identifier = $socialUser->identifier;
                    $model->social_avatar = $socialUser->photoURL;
                    $model->email = $socialUser->email;
                    $model->social_info1 = hash(......);
                    $model->social_info2 = hash(......);
                    $identity = new UserIdentity($user->social_info1, $user->social_info2);
                    switch ($identity->errorCode) {
                      case UserIdentity::ERROR_NONE:
    public function actionLogout(){

For more available social user info, please refer Hybrid_User_Profile.

Sample code of UserIdentity

class UserIdentity extends CUserIdentity {
  private $_id;
      public function authenticate($type=null) {
            case 'social': // for social user login - use in HybridauthController.php
                $user=User::model()->findByAuthSocial($this->username, $this->password);
            case 'user':
                // for normal registered user login - use in your user login controller
                $user=User::model()->findByAuthUser($this->username, $this->password);
        }//end switch
        if (empty($user)) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        }else {
            $this->_id = $user->id;
            $this->setState('language', $user->preferredLanguage);
            $this->errorCode = self::ERROR_NONE;
        return $this->errorCode == self::ERROR_NONE;
  public function getId() {
        return $this->_id;

Usage in views file

Put the Zocial CSS3 button widget in the view files. This widget button will hide if user is logged in. Styling the Zocial CSS3 button, please refer Zocial CSS3 Styling Guide

<?php $this->widget('ext.widgets.hybridAuth.SocialLoginButtonWidget', array(
)); ?>

SocialLoginButtonWidget Parameters

  • type: button type. Options include 'button' or 'icon'. Default: 'button'.
  • buttonText: Button text. Default: 'Signin with {provider}'.
  • htmlOptions: widget htmlOptions.
  • buttonHtmlOptions: individual button htmlOptions.
  • route: route for processing hybrid auth.
  • params: array of parameters (name=>value) that should be used instead of GET when generating button URL.
  • paramVar: name of the GET variable. Default: 'provider'.
  • providers: array of providers.
  • enabled: Enable or disable this widget. Default: true.

Methods of CHybridAuth

Detail explanations please refer to Hybrid_Auth API

Hybrid_Auth object methods

  • endPoint(): Perform the functionality of HybridAuth Endpoint.
  • isAllowedProvider($provider): Return true if the current providers is enabled.
  • getAllowedProviders(): Return array of all enabled providers.
  • getHybridAuth(): Return the current Hybrid_Auth object. Equire to new Hybrid_Auth($config_file_path).
  • getAdapter($provider, $params=array()): equire to Hybrid_Auth::authenticate(provider, params)
  • isConnectedWith($provider): equire to Hybrid_Auth::isConnectedWith(provider)
  • getConnectedProviders(): equire to Hybrid_Auth::getConnectedProviders()
  • getSessionData(): equire to Hybrid_Auth::getSessionData()
  • restoreSessionData($sessiondata): equire to Hybrid_Auth::restoreSessionData(array)
  • logoutAllProviders(): equire to Hybrid_Auth::logoutAllProviders()
  • redirect($url): equire to Hybrid_Auth::redirect(url)
  • getCurrentUrl(): equire to Hybrid_Auth::getCurrentUrl()

Example 1: Using Hybrid_Auth methods

// get Hybrid_Auth object
$provider = 'Facebook';
$hybridAuth = Yii::app()->hybridAuth->getHybridAuth();
$facebook = $hybridAuth->authenticate($provider);
$facebook = $hybridAuth->getAdapter($provider);

or call method directly

$provider = 'Facebook';
$facebook = Yii::app()->hybridAuth->getAdapter($provider, $params=array());

Hybrid_Provider_Adapter object methods

  • getAdapterApi($provider): equire to Hybrid_Provider_Adapter::api()
  • isAdapterUserConnected($provider): equire to Hybrid_Provider_Adapter::isUserConnected()
  • logoutAdapter($provider): equire to Hybrid_Provider_Adapter::logout()
  • setAdapterUserStatus($provider, $status): equire to Hybrid_Provider_Adapter::setUserStatus($status)
  • getAdapterUserProfile($provider): equire to Hybrid_Provider_Adapter::getUserProfile()
  • getAdapterUserContacts($provider): equire to Hybrid_Provider_Adapter::getUserContacts()
  • getAdapterUserActivity($provider, $stream='timeline'): equire to Hybrid_Provider_Adapter::getUserContacts($stream)
  • getAdapterAccessToken($provider): equire to Hybrid_Provider_Adapter::getAccessToken()

Example 2: Using Hybrid_Provider_Adapter methods

$facebook = Yii::app()->hybridAuth->getAdapter('Facebook');
$user = $facebook->getUserProfile();
echo $user->email;
echo $user->photoURL;
$facebook->api()->api('/me/friends', "post", array(message => "Hi there")); // post to user wall

or call method directly

$provider = 'Facebook';
$user = Yii::app()->hybridAuth->getAdapterUserProfile($provider);
echo $user->email;
echo $user->photoURL;
Yii::app()->hybridAuth->getAdapterApi($provider)->api('/me/friends', "post", array('message' => "Hi there")); // post to facebook user wall

Change Log

Version 1.0.2

  • Fix typo error for $this->htmlOptions['class']='social-sigin';

Version 1.0.1

  • Rename 'HybridAuthLoginWidget' to 'SocialLoginButtonWidget' for readability.

Version 1.0.0

  • Initial release.


[Extra] Sample Codes in User model

The social user login algorithm used in this extension is for reference only. With this approach you can custom to suit your own defined database fields.

class User extends CActiveRecord{
   public function findBySocial($provider, $identifier){
     return $this->findByAttributes(array(
   // for social user login
   public function findByAuthSocial($socialCode1, $socialCode2){
     return $this->findByAttributes(array(
             'social_secret_code' => hash(......),
   // for normal registered user login
   public function findByAuthUser($username, $password){
      return $user->password === crypt($password, $user->password)? $user:null;

Total 13 comments

#15832 report it
spyfx at 2013/12/20 11:39am
Facebook returned an invalid user id.

I am getting the following error:

Authentication failed. The user has canceled the authentication or the provider refused the connection.
Original error message: Authentication failed! Facebook returned an invalid user id.

And I cant figure out whats the problem, I red a lot of solutions, but nothing helped so far. Any guesses?

#15324 report it
menxaca at 2013/10/28 10:03pm
Add PayPal Provider

Does someone know how to add PayPal? I have tried to create a new provider, but I always get the same error "User profile request failed! Paypal returned an error: exception 'Exception' with message 'The Authorization Service has return: invalid_client' in /home/content/43/10011243/html/protected/extensions/hybridAuth/vendors/hybridauth/Hybrid/thirdparty/OAuth/OAuth2Client.php:82"

It happens after consent the grants to paypal. Someone has the same problem or have got to install PayPal?

class Hybrid_Providers_Paypal extends Hybrid_Provider_Model_OAuth2
    // default permissions 
    public $scope = "openid profile email address";
    * IDp wrappers initializer 
    function initialize() 
        // Provider api end-points
        $this->api->api_base_url   = "";
        $this->api->authorize_url  = "";
        $this->api->token_url      = "";
        //$this->api->token_info_url = "";
    * begin login step 
    function loginBegin()
        Hybrid_Auth::redirect( $this->api->authorizeUrl( array( "scope" => $this->scope ) ) ); 
    * load the user profile from the IDp api client
    function getUserProfile()
        // refresh tokens if needed 
        // ask paypal api for user infos
        $response = $this->api->api( "" ); 
        if ( ! isset( $response->id ) || isset( $response->error ) ){
            throw new Exception( "User profile request failed! {$this->providerId} returned an invalide response.", 6 );
        $this->user->profile->identifier    = (property_exists($response,'id'))?$response->id:"";
        $this->user->profile->firstName     = (property_exists($response,'given_name'))?$response->given_name:"";
        $this->user->profile->lastName      = (property_exists($response,'family_name'))?$response->family_name:"";
        $this->user->profile->displayName   = (property_exists($response,'name'))?$response->name:"";
        $this->user->profile->gender        = (property_exists($response,'gender'))?$response->gender:""; 
        $this->user->profile->email         = (property_exists($response,'email'))?$response->email:"";
        $this->user->profile->emailVerified = (property_exists($response,'email'))?$response->email:"";
        $this->user->profile->language      = (property_exists($response,'locale'))?$response->locale:"";
        if( property_exists($response,'birthday') ){ 
            list($birthday_year, $birthday_month, $birthday_day) = explode( '-', $response->birthday );
            $this->user->profile->birthDay   = (int) $birthday_day;
            $this->user->profile->birthMonth = (int) $birthday_month;
            $this->user->profile->birthYear  = (int) $birthday_year;
        return $this->user->profile;
#14903 report it
vzangloo at 2013/09/19 02:04pm
Re: Chinda

$facebook = Yii::app()->hybridAuth->getAdapter('Facebook');
$user = $facebook->getUserProfile();
echo $user->email;

try if you can display email?
some people may not want to share their phone number.

#14888 report it
Chinda at 2013/09/18 09:45am
How to get User Phone Number

Dear sir,

Please read my code

$facebook = Yii::app()->hybridAuth->getAdapter('Facebook');


echo $user->phone;

But I get nothing, please tell me how can I get user phone number from hybridAuth?

Thanks in advanced

#14879 report it
Chinda at 2013/09/18 03:34am
Got Error

Dear sir, Please help me ??? As I follow your step and I got this error when I try Authorised by Facebook:

=================================================== Given URL is not allowed by the Application configuration.: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains.

my print screen

#14874 report it
vzangloo at 2013/09/17 11:04am
Re: Chinda

The hash(....) used in the sample code above is only for depiction purpose. You can write your own hash function.

The coding depicted in this page is only a show case how I would use the 'CHybridAuth' to integrate into my application. You are not necessary follow exactly what I did, you may implement your own algorithm.

#14864 report it
Chinda at 2013/09/17 12:01am
Get error in HybridauthController

..... $model->social_info1 = hash(......); $model->social_info2 = hash(......);

Please let me know how can I put replace hash(......) ? where I can it from???

Please help me.

#14806 report it
SeeDoubleYou at 2013/09/11 05:22am
LinkedIn, on cancel: "Authentication failed! LinkedIn returned an invalid Token."

When the I authorize the app all works well, but when I press cancel in the authorization dialoge I get:

Authentication failed. The user has canceled the authentication or the provider refused the connection.

which is good, since it was cancelled, however, after that I get:

Original error message: Authentication failed! LinkedIn returned an invalid Token.

followed by

Fatal error: Call to a member function isUserConnected() on a non-object in [...]\hybridAuth\CHybridAuth.php on line 155

This happens when after the cancel, the following is executed:


(see also

#14013 report it
PrplHaz4 at 2013/07/11 01:41pm
Thanks for the response!

For reference, the hoauth extension supports configuration via the Yii::app()->params['hoauth']['configAlias'] parameter and the hybridauth extension supports it via module config.

This component method seems to be a cleaner implementation that other extensions could also leverage.

Perhaps some things to add to docs: - User must define $user->findByAuthSocial and $user->findByAuthUser in User model - User must define persistent storage routine for social logins (create db table, model...etc)

#14006 report it
vzangloo at 2013/07/11 09:11am
Is a Yii component version

This version is more flexible if you implement your project in different environments.

#14003 report it
PrplHaz4 at 2013/07/11 07:54am
how is this different from other hybridauth methods

Please explain how this differs from existing hybridauth extensions/direct usage of library in order to help us pick the correct one for our needs.

#13946 report it
vzangloo at 2013/07/09 04:36am

The typo error, fixed.

#13944 report it
Wiseon3 at 2013/07/09 03:38am
Css class typo

There's a typo in SocialLoginButtonWidget on line 39:


The class name should be 'social-signin', although it isn't defined in the extension css.

Leave a comment

Please to leave your comment.

Create extension