RFC 6238 / TOTP: Time-Based One-Time Password Algorithm

1.1.0 2016-04-05 13:05 UTC

This package is auto-updated.

Last update: 2020-11-18 22:03:50 UTC


PHP implementation of RFC6238 (TOTP: Time-Based One-Time Password Algorithm).

License Build Status Latest Stable Version Scrutinizer Code Quality Code Climate Test Coverage


  • PHP (64-bits): PHP 5.4.0 or later
  • PHP Extensions: hash, openssl


  1. Set up Composer, the de facto standard package manager.
  2. php composer.phar require jp3cki/totp:^1.1


use jp3cki\totp\Totp;

// Generate new shared-secret key (for each user)
$secret = Totp::generateKey();
echo "secret: {$secret}\n";
echo "\n";

// Make URI for importing from QRCode.
$uri = Totp::createKeyUriForGoogleAuthenticator($secret, '', 'Issuer Name');
echo "uri: {$uri}\n";
echo "\n";

// Verify user input
$userInput = '123456'; // $_POST['totp']
$isValid = Totp::verify($userInput, $secret, time());


The MIT License.

Copyright (c) 2015-2016 AIZAWA Hina <>


Patches and/or report issues are welcome.

  • Please create new branch for each issue or feature. (should not work in master branch)
  • Please write and run test. $ make test
  • Please run check-style for static code analysis and coding rule checking. $ make check-style
  • Please clean up commits.
  • Please create new pull-request for each issue or feature.
  • Please gazing the results of Travis-CI and other hooks.
  • Please use Japanese or very simple English to create new pull-request or issue.