uthmandev / swift2fa
A secure and easy way to implement Two-Factor Authentication (2FA) with PHP. This library provides an easy-to-use solution for integrating 2FA into your applications, including QR code generation, token verification, and secret key management.
Requires
- php: ^7.4 || ^8.0
- chillerlan/php-qrcode: dev-main
- paragonie/constant_time_encoding: dev-master
- phpmailer/phpmailer: dev-master
- twilio/sdk: dev-main
- vlucas/phpdotenv: ^5.0
Requires (Dev)
- phpunit/phpunit: ^12.0@dev
This package is not auto-updated.
Last update: 2025-04-27 10:41:56 UTC
README
SWIFT2FA
Easy and Secure 2-Factor Authentication
Overview
Swift2FA is a secure and easy-to-use PHP library for implementing two-factor authentication. It supports various authentication methods, including:
- Authenticator apps (Google Authenticator and others)
- Email authentication via SMTP with PHPMailer
- SMS-based authentication using services like Twilio
Key Features
- Simple integration process
- High-security standards
- Multiple authentication methods
- Built-in encryption for secret keys
- QR code generation
- Flexible time-step settings
- Email and SMS delivery options
Installation
composer require uthmandev/swift2fa
Usage Guide
Basic Setup
use Swift2FA\Swift2FA;

$swift2fa = new Swift2FA();
Key Management
- Encrypting Keys
// Generate and encrypt a new secret key
$encryptedKey = $swift2fa->encryptKey();
- Decrypting Keys
// Decrypt a stored encrypted key
$decryptedKey = $swift2fa->decryptKey($encryptedKey);
TOTP Operations
- Generating TOTP
// Generate a time-based one-time password
$totpCode = $swift2fa->generateTOTP($secret, $timeStep = 30, $codeLength = 6);
- Validating TOTP
// Validate a user-provided TOTP code
$isValid = $swift2fa->TOTPValidate($userInput, $secret);
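The following is an added example, not Swift2FA's own code: the standard RFC 6238 computation that authenticator apps perform, showing how the time step and code length shape a code and why validation should use a bounded drift window and a constant-time comparison. The names totp_at and totp_verify and the $window parameter are hypothetical, and the secret is assumed to be raw bytes (already Base32-decoded).

```php
<?php
// Added illustration of RFC 6238 TOTP; not Swift2FA's internal code.
// totp_at, totp_verify and $window are hypothetical names for this example.

function totp_at(string $rawSecret, int $unixTime, int $timeStep = 30, int $codeLength = 6): string
{
    // Moving factor: whole time steps since the Unix epoch,
    // encoded as an 8-byte big-endian counter.
    $counter = pack('J', intdiv($unixTime, $timeStep));
    $hmac = hash_hmac('sha1', $counter, $rawSecret, true);

    // Dynamic truncation (RFC 4226): low nibble of the last byte picks the offset.
    $offset = ord($hmac[19]) & 0x0F;
    $binary = unpack('N', substr($hmac, $offset, 4))[1] & 0x7FFFFFFF;

    return str_pad((string) ($binary % (10 ** $codeLength)), $codeLength, '0', STR_PAD_LEFT);
}

function totp_verify(string $userInput, string $rawSecret, int $now,
                     int $timeStep = 30, int $codeLength = 6, int $window = 1): bool
{
    // Reject anything that is not exactly $codeLength digits before doing any crypto.
    if (!preg_match('/^\d{' . $codeLength . '}$/', $userInput)) {
        return false;
    }
    $valid = false;
    // Accept +/- $window steps to tolerate clock drift and delivery delay.
    for ($i = -$window; $i <= $window; $i++) {
        $expected = totp_at($rawSecret, $now + $i * $timeStep, $timeStep, $codeLength);
        // hash_equals compares in constant time; no early exit, so every step is checked.
        $valid = hash_equals($expected, $userInput) || $valid;
    }
    return $valid;
}

// Sample input: the ASCII test secret from RFC 6238 Appendix B.
$secret = '12345678901234567890';
$t = 59;

var_dump(totp_at($secret, $t, 30, 8));                           // 8-digit code at T = 59
var_dump(totp_verify(totp_at($secret, $t), $secret, $t + 30));   // checked one step later
var_dump(totp_verify(totp_at($secret, $t), $secret, $t + 120));  // checked four steps later
// 120-second step with no drift window: the code is checked 60 seconds after issue.
var_dump(totp_verify(totp_at($secret, $t, 120), $secret, $t + 60, 120, 6, 0));
```

A wider window or a longer time step lengthens the period in which an intercepted code can be replayed, so pair either with attempt rate limiting and rejection of codes that have already been accepted.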
QR Code Generation
// Generate a QR code for authenticator apps
$qrCode = $swift2fa->generateQR($userEmail, $decryptedSecret);
Authentication Link Generation
// Generate an otpauth:// link
$authLink = $swift2fa->generatelink($userEmail, $decryptedSecret);
Sending Authentication Codes
- Via Email
// Send TOTP via email
$swift2fa->Mail(
    mailType: 'SMTP',
    email: 'user@example.com',
    message: 'Your authentication code is: ' . $totpCode,
    name: 'User Name',
    subject: 'Authentication Code'
);
- Via SMS
// Send TOTP via SMS
$swift2fa->SMS(
    phoneNumber: '+1234567890',
    messageBody: 'Your authentication code is: ' . $totpCode,
    name: 'User Name'
);
Configuration
Environment Variables
Create a .env file with the following configurations:

# General Settings
APP_NAME=your_app_name
ENCRYPTION_KEY=your_secure_encryption_key

# Email (SMTP) Settings
HOST=smtp.gmail.com
USER_NAME=your_email@gmail.com
PASSWORD=your_gmail_app_password
PORT=465
SMTP_SECURE=ssl

# SMS (Twilio) Settings
TWILIO_SID=your_twilio_sid
TWILIO_AUTH_TOKEN=your_twilio_auth_token
TWILIO_PHONE_NUMBER=your_twilio_phone_number
Important Notes
- Security
  - Store encryption keys securely
  - Restrict access to environment files
  - Use HTTPS for all authentication operations
- TOTP Validation
  - Standard time step is 30 seconds
  - Email TOTP might require longer time steps (e.g., 120 seconds)
  - QR codes should be the primary method for adding TOTP to authenticator apps
- Authentication Links
  - otpauth:// links won't work in browsers
  - Use QR codes for adding to authenticator apps
Contributing
Contributions are welcome! To contribute:
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contact
- Developer: Uthman Oladele
- Website: dev-utman.vercel.app
- Email: uoladele99@gmail.com
If you find this project useful, please consider giving it a ⭐ star on GitHub!