Social Media Authentication and Authorization Using PHP

Social media authentication—the ability to log in to a site using your Twitter, Facebook, or similar account—has been well embraced by users and websites alike. Rather than forcing users to create new accounts at each site, social media authentication allows them to use their favorite existing account. Furthermore, authentication leads the way to authorization, where a website can make use of the social media site's resources. In this article, Larry Ullman will show you how to integrate this functionality into your website.

Years ago, the OpenID standard was created as a way to make access to websites easier for users. Instead of having to create, and remember, a new username/email address and password combination at every site a user goes to (even once), a user can provide his or her OpenID information to sites that support it, and a new registration will not be required. But OpenID only provides authentication. A better feature is authorization: granting access to certain aspects of a user’s account on another site.

This is where OAuth comes into play. It sprang out of Twitter’s OpenID implementation, and provides a foundation for authorizing access and actions across websites. For example, on your site, OAuth can be used to:

  • Display a user’s Facebook status
  • Share an image from a user’s Flickr or Instagram account
  • Embed video from a user’s Vimeo account

Each of these sites, as well as dozens of others, has the power to make its user accounts available through an Application Programming Interface (API), once the proper authentication and authorization have taken place. By tying into these interfaces, users can access your site without registration, and your site can use aspects of the user’s account at these other sites (with permission, of course). The trick is in knowing how.

Choosing a Library

You can certainly use your own PHP code, and each provider’s documentation, to perform authentication and authorization requests. But that approach is both time-consuming and fraught with frustration.

Better yet, you could instead use a simple library, such as Janrain’s OpenID Enabled or the PEAR OpenID package. But even that approach will require a bit of work to support multiple providers (e.g., Facebook and Twitter and Google and…).

My recommendation is to use the HybridAuth library instead. It’s easy to use, reliable, well-documented, and open source. I’ll explain how to install it and then show some code for using it to connect to Twitter. Before that, though, you’ll need to “register” your website with whatever provider you plan to use, so let’s look at that process first.
