hosseinhezami/totp-authenticator

A PHP library for Time-based One-Time Password (TOTP) authentication

v1.0.0 2025-09-05 09:48 UTC

This package is auto-updated.

Last update: 2025-09-05 10:21:56 UTC


README

A PHP library for Time-based One-Time Password (TOTP) authentication, compatible with Google Authenticator and other 2FA apps.

Installation

composer require hosseinhezami/totp-authenticator

Usage

use HosseinHezami\TotpAuthenticator\Authenticator;

// Generate a new secret key
$secret = Authenticator::createSecret();

// Generate a TOTP code
$code = Authenticator::generateCode($secret);

// Verify the code
$isValid = Authenticator::verifyCode($secret, $code);
var_dump($isValid); // true

// Generate a QR code URL for Google Authenticator
$qrCodeUrl = Authenticator::generateQrCodeUrl("user@example.com", $secret, "MyApp");
echo $qrCodeUrl;

Example QR Code URL

https://quickchart.io/qr?text=otpauth://totp/user@example.com?secret=XXXX&issuer=MyApp

Features

  • Generate cryptographically secure secrets
  • Generate TOTP codes (RFC 6238)
  • Verify codes with time drift tolerance
  • Generate QR code URLs for Google Authenticator and similar apps
  • Timing-safe comparison to prevent timing attacks