Users synchronization (SSO)

SSO allows users to sign in to your site and use HyperComments without again authenticating with HyperComments.

To synchronize users you need to:

  1. In administrative section"Settings" -> "API settings" enter the "Secret key", put a checkbox into "Authorization of users going through your site" field.
    For Wordpress users the secret key is generated automatically with plugin activation and it is impossible to edit it.
  2. You need to add option auth into widget code (see details)
auth value option formation

The auth option from comments widget code sends:

  1. Information about your user, who needs to be authorized in Hypercomments
  2. Digital signature
  3. Time unixtime by UTC

These auth string options must be divided. The final string should be as follows:


, where

  • USERINFO - user information
  • TIME - current time inunixtime format by UTC
  • SIGNATURE - digital signature
Creating of array with user data (USERINFO)

To create this array you need to form the JSON string with user data


, where

  • nick - user name
  • avatar - address of user's avatar
  • id - user id in your system
  • email - user's email
  • profile_url - link to user's profile in your system

Then it is necessary to encode this JSON string using Base64 algorithm.

Signature creation
Signature is created as md5 hash from the joint strings "Secret key"+"User information"+"Time":
Example of creation auth option value on PHP

Example of user's data array:

$user = array(
  'nick'        => 'Dmitry',
  'avatar'      => '',
  'id'          => '18',
  'email'       => '',
  'profile_url' => ''

Creation of auth string:

$time        = time();
$secret      = "SECRETKEY"; // Secret key, that you've entered on the website's admin panel.
$user_base64 = base64_encode( json_encode($user) );
$sign        = md5($secret . $user_base64 . $time);
$auth        = $user_base64 . "_" . $time . "_" . $sign;

Sending auth option value to comments widget:

_hcwp.push({widget:"Stream", widget_id: WIDGET_ID, auth: <?php echo $auth;?>});