HybridAuth Fix: Authentication failed! Facebook returned an invalid user id

In a project I was working on these past weeks, I was tasked to integrate social network login functionality to the site.

To reduce the time required to implement social login for each social network, I opted to use HybridAuth – a PHP library that enables developers to easily build social applications that engage website visitors and customers on a social level by implementing social sign-in, social sharing, user profiles, friends lists, activity streams, status updates and more.

HybridAuth acts as an abstract API between your application and the various social APIs and identity providers such as Facebook, Twitter, Google, LinkedIn, GitHub etc.

In this article, I will show how to fix the following error returned by Facebook / HybridAuth after a user has authorized your Facebook application – Authentication failed! Facebook returned an invalid user id.

Below is a checklist that must be adhered to in order to prevent the above error.

  1. Ensure the Client OAuth Login feature is enabled with others disabled.
    This can be found under security section when you click the Advanced tab.

    Facebook application security settings
  2. Ensure the app and all its live features are available to the general public. This is done at the Status & Review page.

    Note: the Contact Email in Settings > Basic must contain a valid email address before this feature can be activated.

    Facebook app - status and review

  3. Last but not least, in your config array, ensure the base_url points to the HybridAuth endpoint (where index.php and perhaps config.php are found).

    In my case, the error was as a result of the absence of a trailing slash to the URL. I.e. instead of http://mywebsite.com/path/to/hybridauth/, I entered http://mywebsite.com/path/to/hybridauth

    Here is my Facebook config file if it helps.

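    		<?php
    		return array(
    			"base_url"  => 'http://mywebsite.com/path/to/hybridauth/', // note the trailing slash
    			"providers" => array(
    				"Facebook" => array(
    					"enabled"        => true,
    					"keys"           => array( "id" => 'app id here', "secret" => 'app secret here' ),
    					"trustForwarded" => true, // trusts X-Forwarded-* headers; enable only behind a proxy that sets them
    					"scope"          => "email, user_about_me, user_birthday, user_hometown", // optional
    					"display"        => "page" // optional
    				),
    			),
    		);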

    Note: you can rename the index.php file that contains the code for the HybridAuth endpoint to, say, hybrid.php; your base URL then becomes http://mywebsite.com/path/to/hybridauth/hybrid.php

  4. I actually spent days trying to figure out the cause of this problem without luck. I hope someone finds this article useful someday.
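
The base_url check from item 3 can be run before deployment. The following is an added example, not code from the original article or from HybridAuth: `check_hybridauth_config()` is a hypothetical helper, the sample array is constructed, and the https and trustForwarded warnings are extra hardening checks assumed here rather than causes of the error above.

```php
<?php
// Added example, not HybridAuth code. check_hybridauth_config() is a hypothetical helper.
function check_hybridauth_config(array $config): array
{
    $problems = array();
    $base  = $config['base_url'] ?? '';
    $parts = parse_url($base);

    if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
        return array('base_url must be an absolute URL');
    }

    // The endpoint is a directory (trailing slash) or a renamed endpoint script (*.php).
    $path = $parts['path'] ?? '';
    if (substr($path, -1) !== '/' && substr($path, -4) !== '.php') {
        $problems[] = "base_url '$base' needs a trailing slash or must name the endpoint .php file";
    }
    if (strtolower($parts['scheme']) !== 'https') {
        $problems[] = 'base_url is not https: the OAuth callback reaches the endpoint unencrypted';
    }

    $fb = $config['providers']['Facebook'] ?? array();
    if (!empty($fb['enabled'])) {
        if (empty($fb['keys']['id']) || empty($fb['keys']['secret'])) {
            $problems[] = 'Facebook is enabled but keys.id or keys.secret is empty';
        }
        if (!empty($fb['trustForwarded'])) {
            $problems[] = 'trustForwarded is on: confirm a proxy you control sets the X-Forwarded-* headers';
        }
    }
    return $problems;
}

// Constructed sample reproducing the misconfiguration described above (no trailing slash).
$sample = array(
    'base_url'  => 'http://mywebsite.com/path/to/hybridauth',
    'providers' => array(
        'Facebook' => array(
            'enabled'        => true,
            'keys'           => array('id' => 'app id here', 'secret' => 'app secret here'),
            'trustForwarded' => true,
        ),
    ),
);

foreach (check_hybridauth_config($sample) as $problem) {
    echo "- $problem\n";
}
```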
