We have been trying to create various PHP plugins for the PixelPin single-sign-on solution and one of these was for Drupal. I assumed it would be easy since we had already written the PixelPin plugin for HybridAuth for the wordpress social login and it is the same library.

We altered the Drupal plugin and added the PixelPin files yet when trying to login with PixelPin, the site got stuck in a redirect loop and didn't seem to log any errors apart from random ones appearing on the front page saying, "An error has occurred".

It took a while and lots of debugging code to realise that I had misunderstood the configuration of the providers. In the file hybridauth.admin.inc, all providers start with a secret, a key and an id. Since we don't use application ids, I added PixelPin to the array on line 444 which unsets the id - I was left with a key and a secret. However, the HybridAuth library requires OAuth2 providers to use id and secret, not key and secret. If these are not set, an exception is thrown but this is somehow swallowed by the framework and leads to the redirect loop.

I changed it to remove the "key" instead of the "id" from the config for PixelPin and it was all OK again!