Anyone using any previous version of the elgg_hybridauth plugin is encouraged to upgrade immediately to fix an important security vulnerability.

will this be available for elgg 1.9 also ??

It's likely already compatible with 1.9, I just don't have it running on any 1.9+ production sites to confirm

When a user registers and uses a different email address then the one used in the social network he chooses the user gets banned. At least I have seen this on multiple occassions that users get banned using this plugin. The only time I get that myself is when using a different email addres..

It seems to me that this is not intended behaviour and if it is, the email address should not be asked but extracted from the profile information using the API. Which is possible for all major providers

no way to allow registration only with hybridauth and normal log off?

sorry and sort it just had to change parameters in elgg_HybridAuth / actions / register.php

f you have doubts you can take a look at forosdroid.com

@Gerard - not all providers allow access to the email address, eg. Twitter

When the email address is not provided the user is prompted for it.  This plugin doesn't ban anyone, it's likely you have an anti spam plugin such as spam_login_filter that has an email/domain blacklist that is responsible for the banning.

Hmm, I do use spam_login_filter but that would also mean that my personal email address would be blacklisted. I checked thath and it is not listed.

Very strange, but if this plugin doesn't do anything with anti spam, I will have to look further.

Hi, Thank you for this useful plugin. I have tried it on Elgg 1.12.3 with Twitter and worked fine. I have also tried the github version 1.3.1 but I could not figure out where to access to the settings.  regards.

When a new user registers using social login, and if we receive an email address from the user's social login account, is a confirmation email supposed to be sent to this email address?

No, the authenticating service is vouching for that user.  Some services don't give out emails anyway (Twitter)

Guys, I am running this plugin with elgg 2.0.2 and facebook and twitter work good, but I have problems to get instagram running. The redirect-uri has to be something like

https://www.my-website.com/mod/elgg_hybridauth/?hauth.done=Instagram

Or do I have to point to a subfolder? I get an 403 error when using this. Looks like a lot of people have problems using instagram auth - mainly to get the token stuff running. Any idea what I might do wrong?

Did you include and configure Instagram as a provider? Endpoint URLs are listed in your plugin settings page. 

So useful!!! Thank you!

If I use https://www.my-webpage.com/hybridauth/endpoint instead I get redirected to a page that says:

HybridAuth
Open Source Social Sign On PHP Library. 
hybridauth.sourceforge.net/

Then everything works!!!

Great

When using HybridAuth Client for Elgg to register with LinkedIn credentials, what information from a user's LinkedIn account and LinkedIn profile is captured and stored, and where is it stored? (ex. a user's unique LinkedIn userid, the email connected to the user's LinkedIn account at time of registration, the URL of the user's profile, other information?)

When using HybridAuth Client for Elgg to login with LinkedIn, is any of this same or other information obtained and stored, in case it has changed?

Thank you.

Will you have an update for elgg 2.0?

https://elgg.org/plugins/1440827

As far as I know this works fine in 2.0. to be sure grab latest code from github.

Você acha que isso vai funcionar bem no elgg 2.3.0?

https://github.com/arckinteractive/elgg_hybridauth/releases

Is working perfectly on Elgg 2.3.0, but already tried in all ways, I can not get the callback return for Google and Facebook

I just looked into this and I am quite sure the problem is your configuration. Check the error messages you get and google them to find the solution. 

Thanks for the response ...

well,

from Google the error message is "400. That's an error.

Error: redirect_uri_mismatch

The redirect URI in the request, http://Myelgg/hybridauth/endpoint?hauth.done=Google, does not match the ones authorized for the OAuth client. Visit https://console.developers.google.com/apis/credentials/oauthclient/

"And Facebook is"

URL blocked: O Redirection failed because the URl used is not on the release list in the application client's OAuth settings. Verify that client and web OAuth login is enabled and add all domains of your application as valid OAuth redirect URLs. ".

I've actually tried it anyway but I can not get the return linkI realized that it is a redirection error, but I can not understand it, I can not solve it

Edit your Google client key and add that the URL in there.

Same with Facebook.

Sorry, but edit where? Direct in the plugin inside the administration of the site? And which url to put ??