Simple TOTP (RFC 6238)

v2.0.2 2018-02-22 05:27 UTC

This package is not auto-updated.

Last update: 2023-03-18 10:14:09 UTC


TOTP is a simple, compact and bare-bones PHP class for calculating TOTP tokens using the SHA1 default, commonly used for two-factor authentication in mobile apps such as Google Authenticator. It comprises three public methods of which only one is necessary to call to get a token.


Simply call $totp->getOTP( $secret [, $digits = 6 [, $period = 30 [, $offset = null ]]] ) which returns a string holding the authentication token.

The other two functions are meant to be convenient utilities:

$totp->genSecret( [ $length = 24 ] ) generates a TOTP-compatible pseudorandom secret in Base32 ASCII, returning a string holding the random secret.

$totp->genURI( $account, $secret [, $digits = null [, $period = null [, $issuer = '' ]]] ) returns a string holding an otpauth:// style URI providing the supplied parameters, which can be embedded in a QR code image.

NOTE: All arguments are validated and every method may throw an Assert\AssertionFailedException detailing the error.


TOTP is released under the Creative Commons BY-NC-SA 4.0 license.

Portions Copyright (c) 2014 Robin Leffman. The original source is available on github.