mkd / laravel-otp
Laravel package for generating and verifying One-Time Passwords (OTPs) using TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password) algorithms.
Requires
- php: ^8.0
- laravel/framework: ^8.0|^9.0|^10.0|^11.0
Requires (Dev)
- phpunit/phpunit: ^9.5
README
A simple Laravel package for generating and verifying One-Time Passwords (OTPs) using TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password) algorithms.
Installation
You can install the package via Composer:
composer require mkd/laravel-otp
Example
Scan This QR Code using Authenticator app
Here's a simple example demonstrating how to generate and verify an OTP:
use MKD\LaravelOTP\LaravelOTP; $secret = 'WSRNGQX4J57FL2POVHDAMBI6ZTK3CYUE'; // Base32 encoded secret $otpService = LaravelOTP::make($secret); // Generate current OTP $currentOTP = $otpService->now(); echo "Current OTP: $currentOTP\n"; // Verify the OTP $isValid = $otpService->verifyTOTP($currentOTP); echo $isValid ? "OTP is valid!" : "OTP is invalid!";
Usage
Creating an Instance
You can create an instance of the LaravelOTP class by providing a secret key:
use MKD\LaravelOTP\LaravelOTP; $otpService = LaravelOTP::make('your-secret-key');
Public Methods
now(): string
Returns the current TOTP for the current timeframe.
$otp = $otpService->now();
last(): string
Returns the TOTP for the previous timeframe (30 seconds earlier).
$otp = $otpService->last();
next(): string
Returns the TOTP for the next timeframe (30 seconds later).
$otp = $otpService->next();
at(int $offset = 0): string
Returns the TOTP for a custom timeframe based on the provided offset. An offset of 0 returns the current TOTP, -1 returns the last OTP, and 1 returns the next OTP.
$otp = $otpService->at(-1); // Last TOTP $otp = $otpService->at(1); // Next TOTP
generateSecretKey(): string
Generates a new secret key.
$secretKey = $otpService->generateSecretKey();
atCounter(int $counter): string
Returns the HOTP for a specific counter value.
$otp = $otpService->atCounter(1); // OTP for counter 1
verifyTOTP(string $otp, string|null $secret = null): bool
Verifies a given TOTP against the current, previous, and next timeframes. If a secret key is provided, it overrides the current secret.
$isValid = $otpService->verifyTOTP('123456'); // Validate TOTP
verifyHOTP(string $otp, int $counter, string|null $secret = null): bool
Verifies a given HOTP against a specific counter. If a secret key is provided, it overrides the current secret.
$isValid = $otpService->verifyHOTP('123456', 1); // Validate HOTP for counter 1
Google Authenticator Compatible
generateUrl(string $label, string $issuer, string $secretKey = null, int $counter = null): string
Generates an OTP Auth URL for use in generating a QR code. This URL can be used by OTP apps like Google Authenticator.
- Parameters:
string $label: A unique identifier for the OTP (usually the user's email or username).string $issuer: The name of your application (used as the issuer for the OTP).string|null $secretKey: An optional secret key. If not provided, the instance's secret key will be used.int|null $counter: An optional counter for HOTP. If provided, the method will generate an HOTP URL instead of TOTP.
Usage Example:
$label = 'user@example.com'; $issuer = 'YourAppName'; $otpUrl = $otpService->generateUrl($label, $issuer); echo "OTP Auth URL: $otpUrl" // otpauth://totp/Name?secret=WSRNGQX4J57FL2POVHDAMBI6ZTK3CYUE&issuer=APP;
License
This package is licensed under the MIT License. See the LICENSE file for more information.