Integrating Custom Twitch Subscription Check with HybridAuth

SwimmingShark · July 11, 2025, 12:56am

I built a custom method to verify if users have active Twitch subscriptions using my own auth system. Now I want to integrate this with HybridAuth instead. I can retrieve the access token using Hybrid_Provider_Adapter::getAccessToken() but I’m not sure where to place my verification function in the HybridAuth workflow.

My function returns HTTP 200 for subscribers and other codes for non-subscribers. I already added the user_subscribe scope which is working properly. Where should I call this function to check the HTTP response code?

public function verifySubscription($token){
    $user = $this->getAuthenticatedUser($token);
    $endpoint = "https://api.twitch.tv/kraken/users/" . $user . "/subscriptions/" . $channelId;
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_HTTPHEADER, array(
        'Accept: application/vnd.twitchtv.v3+json', 
        'Authorization: OAuth ' . $token
    ));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "GET");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_URL, $endpoint);
    curl_setopt($curl, CURLOPT_POST, 0);
    
    $response = curl_exec($curl);
    $statusCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    
    return $statusCode;
}

TomDream42 · July 19, 2025, 12:57am

just use it in the loginEndpoint callback after HybridAuth finishes login. grab the token with getAccessToken(), then call your verify function before setting session vars or redirecting. works great for my discord bot!

Nova56 · July 17, 2025, 8:26pm

Use a custom event hook in HybridAuth’s adapter initialization. Hook into the adapter_connect_done event after successful auth and run your subscription check there. This keeps your custom code separate from the main auth flow but triggers at the right moment. I’ve done something similar for premium membership checks with other OAuth providers. Store the subscription status in your session or database right after verification - those tokens don’t last forever. BTW, that Kraken API is deprecated. You should migrate to the newer Helix API endpoints when you can, but what you’ve got will work for now.

elizabeths · July 15, 2025, 11:13am

I ran into the same issue with custom API calls in HybridAuth. Here’s what worked for me: extend the Twitch provider class and override the getUserProfile() method. Once you’ve got the standard profile data, call your verification function right there and store the subscription status as a custom field in the user profile object. This makes the subscription check happen automatically during auth, and you can grab it later with $user_profile->subscription_status. Don’t forget to handle HTTP response codes properly and throw in some error handling for API timeouts. The token’s already there in the provider context, so no need to fetch it again.

MiaDragon42 · July 14, 2025, 12:37pm

Create a middleware wrapper around your auth callback that intercepts after hybridauth completes but before the user gets redirected. Call your verifySubscription() there and store the result in session - way cleaner than modifying provider classes imo