Search by 
fisal / laravel-otp
A simple package to generate and validate OTPs (internal fork with improvements)
Maintainers
v1.0.3
2026-02-13 00:18 UTC
Requires
- php: ^8.1|^8.2|^8.3|^8.4|^8.5|^8.6|^8.7|^8.8|^8.9|^9.0
- illuminate/database: ^9.0|^10.0|^11.0|^12.0|^13.0
- illuminate/support: ^9.0|^10.0|^11.0|^12.0|^13.0
- nesbot/carbon: ^2.0|^3.0
Requires (Dev)
- orchestra/testbench: ^7.0|^8.0|^9.0
- phpunit/phpunit: ^9.6|^10.0|^11.0
README
A lightweight Laravel package to generate and validate one-time passwords (OTPs).
This is a maintained fork intended for real projects: it adds OTP type binding (e.g. login, 2fa) and an attempts limit.
Installation
composer require fisal/laravel-otp:^1.0
Configuration (optional)
Publish config (optional):
php artisan vendor:publish --tag=otp-config
Then you can control max attempts via:
config/otp.php- or env:
OTP_MAX_ATTEMPTS=5
Usage
Generate OTP
use Otp; // tokenType: numeric | alpha_numeric // otpType: purpose binding (login | 2fa | reset_password | ...) $result = Otp::generate( identifier: '201001234567', tokenType: 'numeric', length: 6, validity: 5, otpType: 'login' ); $token = $result->token;
Validate OTP (consumes on success)
$result = Otp::validate( identifier: '201001234567', token: '123456', otpType: 'login' ); if ($result->status) { // valid } else { // invalid / expired // optional: $result->remaining_attempts }
Boolean check (does NOT consume)
$isValid = Otp::isValid('201001234567', '123456', 'login');
Artisan
Clean invalid and expired OTPs:
php artisan otp:clean
License
MIT