Restore Access Token in hybridauth

StackOverflow https://stackoverflow.com/questions/12462739

  •  02-07-2021
  •  | 
  •  

Question

I saved the Access Token (using this method: getAccessToken ()) in my database, but now I would like to restore this value to an object.

How can I do this?

Was it helpful?

Solution

This is explained in hybridauth user manual with below code :

  // get the stored hybridauth data from your storage system
   $hybridauth_session_data = get_sorted_hybridauth_session( $current_user_id );

Get_sorted_hybridauth_session is your internal function to get the stored data. It doesnt matter whether you store the data in a table in a field named 'external_token' or something, get it through a normal sql query, and then just feed it to below function :

   // then call Hybrid_Auth::restoreSessionData() to get stored data
   $hybridauth->restoreSessionData( $hybridauth_session_data );

   // call back an instance of Twitter adapter
   $twitter = $hybridauth->getAdapter( "Twitter" ); 

   // regrab te user profile
   $user_profile = $twitter->getUserProfile();

$hybridauth->restoreSessionData( $hybridauth_session_data ); will restore the serialized session object, and then it will get an adapter for whichever provider it was saved for. Its best that you also save the provider name (Twitter in this case) in the same database table with something like external_provider , and then you can get it through a sql auery and feed it to getAdapter function. That should do what you need to do.

The manual example is below :

http://hybridauth.sourceforge.net/userguide/HybridAuth_Sessions.html

=============

As an added info - what i saw in my tests was, saving session in this way does not prevent hybridauth from logging the user in, even if the user has revoked access from the app in the meantime. Ie, if user is already logged in and authorized, but, went to the app separately and revoked the access (google for example), hybridauth will still log in the user to your system. Im currently trying to find a way to make sure the user is logged to the remote system too.

OTHER TIPS

Late, but I thought this would help:

The following code verifies and removes those providers from HybridAuth that the user is not truly logged into:

$providers = $this->hybridauthlib->getConnectedProviders();

foreach( $providers as $connectedWith ){
    $p = $this->hybridauthlib->getAdapter( $connectedWith );
    try {
        $p->getUserProfile();
    } catch (Exception $e) {
        $p->logout();
    }
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top