Here you go -
Hybridauth has a wonderful architecture that we plan to leverage throughout our code.
@sjpadgett, We probably would never get into standard portal. But you could consider our approach that there be a single authentication mechanism for everyone and everything. Then, depending on interface through which that authentication request was made, you configure the session (if applicable) using interface specific version of globals.php. So please consider value of using standard OpenEMR session for portal.
ps:
@sjpadget - If you use standard login, we did leave a hook where the match for authenticated email is found in patient record rather than users. This commit ignores such login attempt that you can take over.