hosseinhezami / totp-authenticator
A PHP library for Time-based One-Time Password (TOTP) authentication
v1.0.0
2025-09-05 09:48 UTC
Requires
- php: >=7.4
This package is auto-updated.
Last update: 2025-09-05 10:21:56 UTC
README
A PHP library for Time-based One-Time Password (TOTP) authentication, compatible with Google Authenticator and other 2FA apps.
- Author: Hossein Hezami, @HosseinHezami
Installation
composer require hosseinhezami/totp-authenticator
Usage
use HosseinHezami\TotpAuthenticator\Authenticator; // Generate a new secret key $secret = Authenticator::createSecret(); // Generate a TOTP code $code = Authenticator::generateCode($secret); // Verify the code $isValid = Authenticator::verifyCode($secret, $code); var_dump($isValid); // true // Generate a QR code URL for Google Authenticator $qrCodeUrl = Authenticator::generateQrCodeUrl("user@example.com", $secret, "MyApp"); echo $qrCodeUrl;
Example QR Code URL
https://quickchart.io/qr?text=otpauth://totp/user@example.com?secret=XXXX&issuer=MyApp
Features
- Generate cryptographically secure secrets
- Generate TOTP codes (RFC 6238)
- Verify codes with time drift tolerance
- Generate QR code URLs for Google Authenticator and similar apps
- Timing-safe comparison to prevent timing attacks