HybridAuth / PHP Facebook SDK authentication failed (getUser returns 0)

Question

I'm trying to configure HybridAuth and I'm in the very early stages. Right now all I want to do is connect and make sure HA will redirect to facebook and prompt for app installation, then authenticate the user when they get back.

I'm manually calling the following from: http://mydomain.com/auth.php?provider=Facebook

auth.php looks like this:

session_start();
require_once($_SERVER['DOCUMENT_ROOT'] . "/func/db_connect.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/api/auth/Hybrid/Auth.php");      // HybridAuth Module 

$hybridauth_config = include($_SERVER['DOCUMENT_ROOT'] . '/api/auth/config.php');

if ($_GET['provider'] == '' || !in_array($_GET['provider'], array_keys($hybridauth_config['providers']))) {
    echo 'Invalid Provider';
} else {
    try { 
        $hybridauth = new Hybrid_Auth($hybridauth_config);

        // try to authenticate with this provider
        $adapter = $hybridauth->authenticate($_GET['provider']);

        // grab user profile
        if ($hybridauth->isConnectedWith($f_provider)) {
            // yep, we're connected.  Add this provider's info to the user_auth table
            echo 'connection successful';
        }

    } catch (Exception $e) {
        echo $e->getMessage();
    }
}

It works in that it forwards to Facebook and prompts to install the correct app with the appropriate permissions. That tells me my HA config is working fine. I install the app successfully and it then redirects back to the page, where I get the message:

Authentification failed! Facebook returned an invalide user id.

What gives? My App shows 0 adds and 0 API calls in the FB control panel too (although this data looks like it might be delayed a few days). Am I waiting for FB to enable the app in some way? Am I doing something wrong?

UPDATE

HybridAuth uses the Facebook SDK so I tried to just eliminate HA from the whole equation. Running the following basic example:

session_start();

require($_SERVER['DOCUMENT_ROOT'] . "/path/to/fbsdk/facebook.php");
$facebook = new Facebook(array(
  'appId'  => 'myappid',
  'secret' => 'myappsecret',
  'fileUpload' => true
));

$user = $facebook->getUser();
var_dump($user);

I'm logged in to facebook and I have the application added, but no matter what I do the user ID returns 0. I've tried using the test users as well - to no avail. Is there some server configuration issue I might be missing here?

Answer 1

I moved my code to a different app/server and then to the same app on a different server and everything worked fine. So I started looking into it as a server configuration issue. Turns out Facebook didn't like the self-signed certificate on my development server.

I was able to solve this problem by altering the base_facebook.php class in the PHP SDK and adding the curlopt to ignore the SSL verification step. See below:

  public static $CURL_OPTS = array(
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT        => 60,
    CURLOPT_USERAGENT      => 'facebook-php-3.1',
    CURLOPT_SSL_VERIFYPEER => false
  );

Answer 2

I've managed to figure out why this error appears even in current version of hybridauth and facebook sdk.

The reason is in the way how hybridauth and google or facebook sdk builds redirect_uri parameter. As We know from https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/ first we have to redirect user to facebook ( with redirect_uri param ) and it returns code in response by default. Than we sent http request using curl again ( with redirect_uri param ) and these urls doesn't match, because of the reason mentioned before.

Other words if you set in hybridauth config "base_url" => "http://yourhost/hybridauth/hybridauth" ( without slash ) -> it will work fine for google, but give you this stupid message error for facebook login.

"base_url" => "http://yourhost/hybridauth/hybridauth/", ( with slash ) will work ok with facebook but will result error with google with clear error "Redirect Uri missmatch".

So not the best by quick fix is "base_url" => "http://yourhost/hybridauth/hybridauth" ( without slash ) in config.

And then choose how to build uri depends on provider.

in Provider_Adapter.php comment line 131 // $this->params["login_done"] = $HYBRID_AUTH_URL_BASE . ( strpos( $HYBRID_AUTH_URL_BASE, '?' ) ? '&' : '?' ) . "hauth.done={$this->id}";

and add these two instead.

$dlm = $this->id == "Facebook" ? "/?" : "?";

$this->params["login_done"] = $HYBRID_AUTH_URL_BASE . ( strpos( $HYBRID_AUTH_URL_BASE, $dlm ) ? '&' : $dlm ) . "hauth.done={$this->id}";

Such way we have solution to support both Facebook and Google.

Answer 3

For anyone else coming accross this and the answer above doesn't work, I was facing the same issue an turns out my app on Facebook was still in Sandbox mode. Turning this off under the app settings turned out to solve the issue of getting a 0 user id.

Answer 4

Hybrid auth adds a series of "0"s in scope parameter. I am not sure how good is this idea of modifying the Hybrid auth core class but I just modified the loginBegin function in Hybrid/Providers/Facebook.php and it is working fine now:

function loginBegin()
{
  $parameters = array("scope" => $this->scope, "redirect_uri" => $this->endpoint, "display" => "page");
  $optionals  = array("scope", "redirect_uri", "display");

  foreach ($optionals as $parameter){
    if( isset( $this->config[$parameter] ) && ! empty( $this->config[$parameter] ) ){
      $parameters[$parameter] = $this->config[$parameter];
    }
  }

  if (isset($parameters['scope'])) {
    foreach ($parameters['scope'] as $key => $parameter){
      if ($parameter == '0') {
        $parameters['scope'][$key] = '';
      }
    }
  }

  // get the login url 
  $url = $this->api->getLoginUrl( $parameters );

  // redirect to facebook
  Hybrid_Auth::redirect( $url );
}