Odnoklassniki OAuth Authentication Implementation for Websites
Odnoklassniki is part of VK Group. Auth via OK is relevant for 35+ audience, especially in Russia and CIS regions. Implemented via OAuth2 with specifics in request signing for OK API.
Registering Application
- ok.ru/dk?st.cmd=appcenter (or developer section)
- Create external application
- Specify site address and allowed redirect URIs
- Get: App ID, Public key, Secret key
Laravel Socialite
composer require laravel/socialite socialiteproviders/odnoklassniki
// config/services.php
'odnoklassniki' => [
'client_id' => env('OK_APP_ID'),
'client_secret' => env('OK_SECRET_KEY'),
'client_public' => env('OK_PUBLIC_KEY'),
'redirect' => env('OK_REDIRECT_URI'),
],
class OkAuthController extends Controller
{
public function redirect(): RedirectResponse
{
return Socialite::driver('odnoklassniki')
->scopes(['VALUABLE_ACCESS', 'GET_EMAIL'])
->redirect();
}
public function callback(): RedirectResponse
{
try {
$okUser = Socialite::driver('odnoklassniki')->user();
} catch (\Exception $e) {
return redirect('/login')->withErrors(['ok' => 'Odnoklassniki authorization error']);
}
$user = User::updateOrCreate(
['ok_id' => $okUser->getId()],
[
'name' => $okUser->getName(),
'email' => $okUser->getEmail() ?: null,
'avatar' => $okUser->getAvatar(),
]
);
Auth::login($user, remember: true);
return redirect()->intended('/dashboard');
}
}
Signing OK API Requests
OK API has specifics: requests are signed with MD5 hash of parameters + session_secret_key. Socialite provider handles this automatically, but for direct API calls account for:
function signOkRequest(array $params, string $accessToken, string $secretKey): string
{
ksort($params);
$paramString = '';
foreach ($params as $key => $value) {
$paramString .= "{$key}={$value}";
}
// session_secret_key = MD5(access_token + secret_key)
$sessionSecretKey = md5($accessToken . $secretKey);
return md5($paramString . $sessionSecretKey);
}
Available Data
| Field | Availability |
|---|---|
| UID (unique ID) | Always |
| Name and surname | Always |
| Avatar | Always |
| Requires scope GET_EMAIL, may be absent | |
| Date of birth | Via additional request to users.getInfo |
| City | Via additional request |
Timeline
1–2 days.