sethadam1/googleauthenticator

Google Authenticator 2-factor authentication

Maintainers

Package info

github.com/sethadam1/GoogleAuthenticator

pkg:composer/sethadam1/googleauthenticator

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

dev-master 2026-05-20 13:29 UTC

Requires

  • php: >=8.2

Requires (Dev)

BSD-4-Clause feee2723f0d9af7b9e27b3537d38095d23fc9a27

totpgoogleauthenticatorrfc6238

This package is auto-updated.

Last update: 2026-05-20 13:29:43 UTC

README

Forked and maintained by Adam Scheinberg (GitHub) (2026). This is a fork of PHPGangsta/GoogleAuthenticator with PHP 8.2+ modernization, updated class naming, and Packagist packaging. Released under the same BSD-4-Clause license. See LICENSE.md for details.

This PHP class can be used to interact with the Google Authenticator mobile app for 2-factor-authentication. It can generate secrets, generate codes, validate codes, and produce a QR code URL for scanning. It implements TOTP according to RFC6238.

For a secure installation you have to make sure that used codes cannot be reused (replay-attack). You also need to limit the number of verifications to fight against brute-force attacks. For example, limit attempts to 10 tries within 10 minutes per IP address (or IPv6 block).

Requirements:

  • PHP 8.2 or higher
  • Tested on PHP 8.2, 8.3, 8.4, and 8.5

Installation:

composer require sethadam1/googleauthenticator

Or add to your composer.json:

{
    "require": {
        "sethadam1/googleauthenticator": "^1.0"
    }
}

Usage:

<?php
require_once __DIR__ . '/vendor/autoload.php';

$ga = new GoogleAuthenticator();
$secret = $ga->createSecret();
echo "Secret is: " . $secret . "\n\n";

$qrCodeUrl = $ga->getQRCodeUrl('Blog', $secret);
echo "QR-Code URL: " . $qrCodeUrl . "\n\n";

$oneCode = $ga->getCode($secret);
echo "Checking Code '$oneCode' and Secret '$secret':\n";

$checkResult = $ga->verifyCode($secret, $oneCode, 2);    // 2 = 2*30sec clock tolerance
if ($checkResult) {
    echo 'OK';
} else {
    echo 'FAILED';
}

Running the script provides the following output:

Secret is: OQB6ZZGYHCPSX4AK

QR-Code URL: https://api.qrserver.com/v1/create-qr-code/?data=otpauth%3A%2F%2Ftotp%2FBlog%3Fsecret%3DOQB6ZZGYHCPSX4AK&size=200x200&ecc=M

Checking Code '848634' and Secret 'OQB6ZZGYHCPSX4AK':
OK

Migrating from PHPGangsta/GoogleAuthenticator:

This library is a drop-in replacement. Legacy names are aliased and fully functional, so no code changes are required. To adopt the modern names at your own pace:

Legacy Modern
new PHPGangsta_GoogleAuthenticator() new GoogleAuthenticator()
getQRCodeGoogleUrl(...) getQRCodeUrl(...)

Run Tests:

composer install
./vendor/bin/phpunit tests/