This repository has been archived by the owner. It is now read-only.
Authenticate your site's users with OtLand through the OAuth 2.0 protocol.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


OAuth2 Client for

This package allows your site users to authenticate themselves through their account, which in turn returns an object with their OtLand details for you to do which what you see fit.


  • PHP 5.5.9+
  • OtLand client credentials
    • The only way to receive your own client ID & secret is by sending @Mark a private message requesting it. You will have to provide him with a project name, a short description of it, as well as a redirect URI. It is then up to him whether you'll be granted the necessary credentials or not.


Via Composer
composer require pandaac/oauth2-otland

OAuth2 Options

When instantiating the pandaac\OAuth2OtLand\Providers\OtLand object, you may pass an array of options as its first argument.

  • Client ID (required)
    Assign your Client ID to the clientId key.
  • Client Secret (required)
    Assign your Client Secret to the clientSecret key.
  • Redirect URI (required)
    Assign your Redirect URI to the redirectUri key.
  • Scopes
    Assign your scopes as an array to the scope key. It defaults to ['read'].

The API that uses is bdApi. Please refer to their documentation for anything beyond simple authorization.


Laravel 5.x

Add the OtLand OAuth2 client service provider to the service providers array in ./config/app.php.


You should then publish the package configuration files by running the following artisan command.

php artisan vendor:publish --provider="pandaac\OAuth2OtLand\FrameworkIntegration\Laravel\OtLandOAuth2ServiceProvider"

You may edit your OAuth2 credentials directly in ./config/oauth2-otland.php, although it is strongly recommended to do so through your .env file instead (OTLAND_KEY, OTLAND_SECRET & OTLAND_REDIRECT).

and finally define a route similiar to that as shown below

use Illuminate\Http\Request;
use pandaac\OAuth2OtLand\Providers\OtLand;

$router->get('/otland', function (Request $request) {
    try {

        $otland = app(OtLand::class);

        // Redirect the user to the authorization url if no code was provided
        if (! $request->has('code')) {
            $url = $otland->getAuthorizationUrl();

            $request->session()->put('oauth2state', $otland->getState());

            return redirect($url);

        // If the state is invalid, redirect the user
        if (! $request->has('state') or ($request->get('state') !== $request->session()->get('oauth2state'))) {

            return redirect('/');

        $accessToken = $otland->getAccessToken('authorization_code', [
            'code' => $request->get('code')

        $owner = $otland->getResourceOwner($accessToken);


    } catch (Exception $e) {
        // Log errors...
No framework
use pandaac\OAuth2OtLand\Providers\OtLand;


try {
    $otland = new OtLand([
        'clientId'      => 'MY-CLIENT-ID',
        'clientSecret'  => 'MY-CLIENT-SECRET',
        'redirectUri'   => 'MY-REDIRECT-URI',

    // Redirect the user to the authorization url if no code was provided
    if (! isset($_GET['code'])) {
        $url = $otland->getAuthorizationUrl();

        $_SESSION['oauth2state'] = $otland->getState();

        header('Location: '.$url);

    // If the state is invalid, redirect the user
    if (! isset($_GET['state']) or ($_GET['state'] !== $_SESSION['oauth2state'])) {

        header('Location: /');

    $accessToken = $otland->getAccessToken('authorization_code', [
        'code' => $_GET['code']

    $owner = $otland->getResourceOwner($accessToken);


} catch (Exception $e) {
    // Log errors...


Please refer to the PSR-2 guidelines and squash your commits together into one before submitting a pull request.

Thank you.