Yii 1.1: hoauth

hoauth - simple integration of social network authorization lib Hybridauth and Yii (facebook, google, twitter, vkontakte ...)
  • hoauth extension provides simple integration with social network authorization lib Hybridauth in Yii. (facebook, google, twitter, vkontakte and much more).
  • Automatically finds and supports yii-user module (instruction is in documentation section).
  • Supports I18N (available translations)


The demonstration of hoauth extension integrated with yii-user extension can be found here.


  • Yii 1.1.9 or above. (I have tested it only in 1.1.13)

Available social networks

  • OpenID
  • Google
  • Facebook
  • Twitter
  • Yahoo
  • MySpace
  • Windows Live
  • LinkedIn
  • Foursquare
  • Vkontakte
  • AOL

Additional social networks providers can be found at HybridAuth website. And how to configure them here at the bottom of the page.



New in hoauth v1.2.5

  • added an option to display only icons in social login widget (HOAuth::onlyIcons)
  • Authentication through pop-up window
  • Added support of CWebUser::returnUrl (for popup window only if it has not default value)
  • Enh#45: Added composer support (example of installation)
  • Small refactoring
  • Added repo with the source code of demo project.

New in hoauth v1.2.4

  • updated hybridauth lib
  • support of older version of yii-user
  • moved to MIT license

New in hoauth v1.2.3

  • yii-user: we display username field only if it is required by the User model, so you can disable username field in yii-user.
  • fixed bug when after saving profileCache returned in serialized form
  • removed some NOTICE erros and fixed one stupid big with email sending callback (thanks to Komannder)
  • fixed bug with imposibility of login with twitter (and other similar SN) despite successful email activation
  • added two callbacks: hoauthCheckAccess() and hoauthAfterLogin(). Details at https://github.com/SleepWalker/hoauth/wiki/Callbacks.
  • added Spanish, German and Russian translations (thanks to Komannder and me)
  • Security improvement: if user try to login with email of existing local account, that is not bond to current social network, he will be asked for password to confirm binding.
  • added support of validatePassword() callback - alias for verifyPassword()
  • added widget HOAuthActive - display login buttons of social networks bond to current user (Komannder)

New in hoauth v1.2.2

  • Enh#6: support of prefixed table names
  • Enh#7: added ability to setup alias (by default is application.config.hoauth) of HybridAuth config file in yii config (Yii::app()->params['hoauth']['configAlias'])
  • Enh#8: widget to display social networks that user bond to
  • Support of yii-user version, when Profile::regMode isn't static property
  • Fixed issue when password field apeared, when it should not do so during social network signup
  • Support of sending activation email by yii-user module
  • Added support of yii-user banned and not activated account status
  • Ability to register a new account with the same SN, when in db still exists SN relation to account that was deleted
  • HOAuthWidget moved to widgets directory (see UPGRADE.md)

New in hoauth v1.2.1

  • It was decieded to move HybridAuth config file to the yii's config diretory and rename to hoauth.php. Extension will try to do it automatically, when config diretory is not writable, it will run with config file from old directory, but old directory has the deprecated status.
  • fixed bug with to long username, when registering user for yii-user extension.
  • Support of login from social networks, that returning no email (also added HUserInfoForm class).
  • updates in installation instructions

New in hoauth v1.2

  • HOAuthWiget property $controllerId replaced by $route and now you can specify route e.g. module/controller
  • Modification of HybridAuth install script to generating Endpoint URL properly.
  • Renaming of user_oauth table columns: name -> provider, value -> identifier (model will automatically update schema)
  • New features in UserOAuth.php model.
  • Support for yii-user extension

Total 20 comments

#18653 report it
Ddd at 2014/12/07 12:01pm
Let user register normally when connected


If you connect with a network to register, the registration form that follows instantly displays an error (ie 'Username must be azAZ0-9' or 'Email cannot be blank'). This looks ugly and it looks like hoauth is automatically trying to submit the credentials it received from the network.

I want to let users connect to a network, have hoauth automatically fill in some details in the registration form that follows (username, email, etc), and also let the user fill in password etc. so they can also log in with username/password instead of being forced to use the network they chose.

Is there a way to do this?

#18643 report it
Trejder at 2014/12/05 04:25am
Demo with yii-user is failing

I found your extension very interesting, especially its integration with yii-user. However, demo for both, you provided seems to be failing:

  1. Clicking "Login with OpenID" ends with exception: "OpenID adapter require the identity provider identifier 'openid_identifier' as an extra parameter".

  2. I'm unable to login with Facebook. First click opens Facebook's authorization for your demo app, but after that, user must change name, because names comming from Facebook always contains space (between first and second name) and your app does not allows that. After changing name, confirmation e-mail is sent. After activating account another click to "Login with Facebook" ends with an error: "This E-mail is taken by another user. If this is your account, enter password in field below or change E-mail and leave password blank". After filling-up password field with correct password (this should not happen, since we're using oauth), "Sorry, but password is incorrect" error appears.

You may want to investigate this further.

#18393 report it
BornToDrink at 2014/10/23 09:05am
Refresh token

Is there a way to keep the refresh token on second login with Google? Seems that Google returns refresh token only on first login. If lost for some reason, the access should be revoked and only then G will return the token again.

#18129 report it
SleepWalker at 2014/09/13 02:25pm

Thank you for contributing, Serge. Very nice article! I think, it should be in the ext description :)

#17975 report it
begemotik at 2014/08/20 04:40am

I've written an extensive tutorial on how to install both hoauth and Yii-user, and modify according to your needs.
I'm hoping this will help someone. You can find the article here.

#17948 report it
SleepWalker at 2014/08/14 11:05am
@laz karimov


For now I can suggest you to create virtual attributes in User model and save the to the related model in User::afterSave() method.

You can also use the following callbacks (simply create the method with coresponding name in your controller):

  • ::hoauthCheckAccess(CActiveRecord $user)
  • ::hoauthAfterLogin(CActiveRecord $user, boolean $isNewUser)

Another option is to use ::hoauthProcessUser() callback, but in this case you will need too much of copy paste

P.S. I will introduce new callbacks soon, as long as I will finish with refactoring

#17945 report it
laz karimov at 2014/08/14 10:10am
get user attributes


In SiteController we can specify the model and attributes to be attached.

'oauth' => array(
        'class' => 'ext.hoauth.HOAuthAction',
        'model' => 'User',
        'attributes' => array(
            'email' => 'email',
//          'first_name' => 'firstName',
//          'second_name' => 'lastName',

What if first_name and last_name (gender, date of birth, etc.) are in another model, and I want them to be attached as well?

Thanks in advance

#17490 report it
SleepWalker at 2014/06/22 06:01am
disable form after login

malkabani.com, If you mean the form for confirming existing account with password, you can disable this with alwaysCheckPass => false property of HOAuthAction.

if you mean the form that asks for username you should change yii-user's User model so that the username field becomes not required.

#17380 report it
malkabani.com at 2014/05/31 03:24am
disable form after login

hi i use yii-user with hoauth and i want to disable form that appear after login for first time and i want to save user information automaticly with ut this form how i do it thank you

#17333 report it
SleepWalker at 2014/05/25 01:40am

That method should be in the same controller as HOAuthAction action.

The rest I can't understand :) on which line you has Trying to get property of non-object? On those, where getUserContacts() is called?

#17298 report it
malkabani.com at 2014/05/20 10:12am

hi i add this code in controller.php

public static function hoauthAfterLogin($user, $newUser){
            $oAuth = UserOAuth::model()->authenticate("facebook");
            $userContacts = $oAuth->adapter->getUserContacts();
            echo "<pre>";

but when run the code i got this meesage

Trying to get property of non-object

and when i put it in siteController, it works fine

what is the problem

#17287 report it
malkabani.com at 2014/05/19 02:28pm
use it with api

hi i have website with api to contact with it and i want to use this extension in my site so i need to generate authkey for each user after login in so i need to store authkey in database (on table user)or another table is this rigth or not if this wrog what is the best idea to do it

thank you loot

#17275 report it
SleepWalker at 2014/05/19 06:55am

Image it is simply the photoURL property of User's profile object. And the information about friends you can get with $adapter->getUserContacts(), e.g.

$oAuth = UserOAuth::model()->authenticate($provider);
$userContacts = $oAuth->adapter->getUserContacts();

I haven't tested this functionality... More info you can find here and here.

#17273 report it
malkabani.com at 2014/05/19 06:28am
can i get user facebook image

hi i love this ext and i need to ask if i want to access to user facebook image or frends how it work and does i do it thank you

#16882 report it
karte at 2014/04/08 02:49am
Returns blank page?

The popup page, http://mysite.com/site/oauth?provider=Facebook, return blank page. I dont get any error. What should i do.. Am pretty confused..

#16448 report it
SleepWalker at 2014/02/24 08:27am

Hello, You should use yii's CWebUser method to logout the user: Yii::app()->user->logout(). The logout method from OAuth model calls only the logout method of HybridAuth lib. Probably I will add there the Yii's logout call too. But for now you should use Yii::app()->user->logout()

#16411 report it
mostofa62 at 2014/02/20 12:32pm

hello,i have use this extension, for sign up purpose, it means when user sign up using this then i just get the info and save my database table, but i face problem,only in case of facebook and google they are not logout, when i have already used the before redirect in my login action $oauth->logout();

is it logout problem,and i saw the facebook and gmail are not logout.

#16207 report it
Tibor Katelbach at 2014/01/28 05:55am

Thanks , why not, I would love to port it . if HybridAuth Lib isn't maintained anymore which alternative would you propose ? should we start over or remain on HybridAuth ?

I'm going to need this asap , So it's a good time to think about it

#16174 report it
SleepWalker at 2014/01/26 04:36am
@Tibor Katelbach

The first and not the good news is that HybridAuth lib is't meintained anymore (but it still works pretty good). So probably it is better to start new extension with the lib that maintained.

In hoauth there are some things that I want to rewrite, but have no time at the moment. But if you want to port it, I will answer all the questions that will occure )

#16059 report it
Tibor Katelbach at 2014/01/15 04:25am
work with mongoYii without yii-user ?

Hi SleepWalker I just discovered Hoauth, looks really good , thanks for open sourcing it my problem is I don't use yii-user and have a mongoDB I'd be glad to port it , but I'd like your feedback first if it's worth it ? or is it smarter to start from scratch again ? I'd like to benefit from all the integration work you have already done ? thanks for sharing your thoughts Tibor

Leave a comment

Please to leave your comment.

Create extension