Add Commenting to Your PHP Application with Single Sign-on

Published by Supun Kavinda on

Creating a commenting system from scratch can be time consuming and expensive. If you want to add commenting functionality to your existing PHP application, you can use Hyvor Talk embedded comments system with Single Sign-on.

In this tutorial, I assume that you already have an authentication system (login/signup) on your application.

So, what’s Single Sign-on (SSO)? By default, Hyvor Talk requires users to have a Hyvor account to comment. However, by setting up Single Sign-on, your users can comment using their account on your application.

The comments section will look like this:

Comments section with Single Sign-on on a PHP application

Setting up Hyvor Talk Account

Before we get started with coding, you’ll need to set up Hyvor Talk.

  • Go to the Hyvor Talk Console. This will ask you to login to your existing Hyvor account or create a new one.
  • After creating the Hyvor account, add your website to the console.
Adding your website to Hyvor Talk console
Adding your website
  • Then, your 14 days trial will start. You can now start setting up SSO.

Setting up SSO ID

In Hyvor Talk, a SSO connection is called an “SSO ID”. Go to Account -> SSO section in the console, and create a new SSO ID with type “stateless”.

Create new SSO ID for the PHP app

Next, click Assign Websites and assign your website to this SSO ID.

SSO ID on Hyvor Talk

You are all done with setting up Hyvor Talk SSO. Finally, copy your Private Key.

Adding Comments to Your PHP Application

It’s time to write some code. Hyvor Talk is a embedded commenting system. It is installed via a HTML and JS code. First, get this code from the installation section (Moderate -> Install) of the console.

Copy and paste this code on your template file.

Adding the HTML and  JS code to add PHP commenting functionality

Now, if you check your page, you’ll see that the comments section requires Hyvor login to comment.

Connecting Your Accounts System with Hyvor Talk

This is the last step: “Tell Hyvor Talk about the user”. In this step, you are going to tell Hyvor Talk whether the user is logged in. If the user is logged in, you’ll send their data such as email, name, and profile picture. For security, we hash these data before sending it via the installation code.

Here, I assume that the user data and related methods are stored in an $user object.

<?php
$HYVOR_TALK_SSO_PRIVATE_KEY = 'YOUR_PRIVATE_KEY_HERE';
$userData = []; // for unauthenticated users
if ($user -> isLoggedIn()) {
    $userData = [
        'id' => $user -> id,
        'name' => $user -> name,
        'email' => $user -> email,
        'picture' => $user -> picture,
        'url' => $user -> url,
    ];
}
// json and base64 encoding (used for hash and later)
$encodedUserData = base64_encode(json_encode($userData));
// creating the hash
$hash = hash_hmac('sha1', $encodedUserData, $HYVOR_TALK_SSO_PRIVATE_KEY);
  • $user -> isLoggedIn() should be a method on your application to check if the user is logged in.
  • $user -> id should be unique for each user.

Now, add sso object to HYVOR_TALK_CONFIG in the installation code.

var HYVOR_TALK_CONFIG = {
    url: false,
    id: false,
    sso: {
        hash: "<?= $hash ?>",
        userData: "<?= $encodedUserData ?>",
        loginURL: "https://yourwebsite.com/login",
    }
}

Now, the users will be automatically logged in to the comments section if they are logged into your system. Also, the comments section will show a login button, which will redirect the user to the URL you given by you at HYVOR_TALK_CONFIG.sso.loginURL.

In Conclusion…

That’s all you need to get started with Hyvor Talk and Single Sign-on for your PHP application. After this, you can customize the comments section from the console. Visit our documentation to learn more about customization options.

If you have any questions, feel free to comment below.

Resources

Need a privacy-focused commenting platform for your website?

Subscribe to our Newsletter

We write a lot of blog posts to help you grow your audience on your website. Subscribe to get the best blog posts right into your inbox.

Categories: SSO