How to implement HybridAuth VIA ajax call?

Question

I'm trying to setup an SSO login for a modx site & decided to try to do it using HybridAuth and Ajax, though I am getting an error I don;t know how to deal with, here is what I have:

A coule of buttons to call the jQuery:

<button 
    name="googlelogin" 
    type="button" 
    id="googlelogin" 
    class="btn btn-primary googlelogin hybridauthlogin" 
    data-provider="Google" 
    data-redirect="" 
    data-action="/hybridauth.php">Login with Google+
</button>


<button 
    name="facebooklogin" 
    type="button" 
    id="facebooklogin" 
    class="btn btn-primary facebooklogin hybridauthlogin" 
    data-provider="Facebook" 
    data-redirect="" 
    data-action="/hybridauth.php">Login with Facebook
</button>

The jQuery:

$(document).ready(function() {

    $('.hybridauthlogin').on('click', function() {

        var action = $(this).attr('data-action');
        var redirect = $(this).attr('data-redirect');
        var provider = $(this).attr('data-provider');

        var postdata = {"action": action, "redirect": redirect, "provider": provider };

        $.ajax({
            type: "POST",
            url: action,
            dataType  : "JSON",
            cache : false,
            data: postdata,

            success: function(data){
                console.log("success status posting data" + data);
                if(data.status == 'success'){

                    console.log("success status posting data");

                }else if(data.status == 'error'){

                    console.log("error status posting data");

                }

            },

            error: function(jqxhr,textStatus,errorThrown){

                console.log("FATAL: error posting data");

                console.log(textStatus);
                console.log(errorThrown);

            }

        });

    });

});

And a very simple php processor that loads modx & HyBridAuth:

<?php
// start a new session (required for Hybridauth)
session_start();

define('MODX_API_MODE', true);

require_once('index.php');

$modx = new modX();

$modx->initialize('web');


// change the following paths if necessary
$config   = dirname(__FILE__) . '/assets/components/hybridauth/config.php';

require_once( dirname(__FILE__) . '/assets/components/hybridauth/Hybrid/Auth.php' );

$hybridauth = new Hybrid_Auth( $config );

$google = $hybridauth->authenticate( "Google" );

$output = array(
    'status' => 'success',
    'message' => 'This is the success message',
);

$output = $modx->toJSON($output);

header('Content-type: application/json');

print $output;

So it's not actually creating a modx session yet, it will authenticate if called without using ajax, but as soon as I add the ajax part in I get a console error:

XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/auth?client_id=xxx-xxx…ails.read+https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F&access_type=offline. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.domain.com' is therefore not allowed access.

which seems pretty straightforward, something [ajax?] has added a header somewhere[not the second last line of the processor, that is added after the error]. What could be adding the header & how can I fix?

Answer 1

Since authentication requires redirecting the user to the provider, it won't work with AJAX calls. The backend script will die() in the Redirect function. The header you are seeing is probably the redirect header.

For an alternative solution, check this approach: https://stackoverflow.com/a/29891358/1816603