PHPackages dolondro/google-authenticator - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. dolondro/google-authenticator ActiveLibrary[Authentication & Authorization](/categories/authentication) dolondro/google-authenticator ============================= Code to authenticate against the Google Authenticator app 2.2.0(4y ago)113466.1k—4.7%44[1 PRs](https://github.com/dochne/google-authenticator/pulls)MITPHPPHP >=5.4CI failing Since Feb 28Pushed 2y ago7 watchersCompare [ Source](https://github.com/dochne/google-authenticator)[ Packagist](https://packagist.org/packages/dolondro/google-authenticator)[ RSS](/packages/dolondro-google-authenticator/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (8)Versions (14)Used By (0) GoogleAuthenticator =================== [](#googleauthenticator) Author's note ------------- [](#authors-note) Although this library is not deprecated by any means and should continue to work well, since the release of this library other projects have implemented this in a non-terrible style and have gained reasonable traction. Before you implement this, consider whether [otphp](https://github.com/Spomky-Labs/otphp) may suit your use case. Introduction ------------ [](#introduction) 2 factor authentication is pretty awesome. Far too many people use the same password for multiple things, and sometimes it's nice to actually have a secure application. Using the Google Authenticator allows people to have another layer of security that will only allow them to access your web application/service if they have both the password and the correctly setup Google Authenticator app on their phone. Implementation -------------- [](#implementation) As far as I could tell, there were (at the time of writing) 2 other PHP libraries for interacting with the Google Authenticator. Both of which work but neither of which seem to be updated much nor incorporate modern best practises. This library has the advantage of being slightly nicer (I hope) to integrate into existing libraries, and contains inbuilt support for using a PSR-6 cache interface to reduce the possibility of a replay attack. Usage ----- [](#usage) You can initially create the a secret code for use in your application using: ``` $issuer = "MyAwesomeCorp"; $accountName = "MrsSmith"; $secretFactory = new SecretFactory(); $secret = $secretFactory->create($issuer, $accountName); ``` This gives you a secret. You should: 1. feed this object into a QrImageGenerator so your user can scan the QR code into their phone 2. attach the secret to their user account so you can query it There are 2 ImageGenerator implementations included with this library: 1. EndroidQrImageGenerator which requires you composer require `endroid/qr-code:~2.2|~3` which generates it without any external service dependencies. 2. GoogleImageGenerator which uses the Google QR code API to generate the image. I'd recommend using Endroid as it seems that Google has now [deprecated their QR code API](https://developers.google.com/chart/infographics/docs/qr_codes) If neither of these fit the bill for some reason, it's easy to create another implementation, as all it needs to do is generate a QR code for the data in `$secret->getUri()` You can verify that the user has been successful by using this: ``` $googleAuth = new GoogleAuthenticator(); $googleAuth->authenticate($secret, $code); ``` Authenticate will either boolean true/false. If you want to use a PSR-6 cache interface to attempt to prevent replay attacks, you can do so like so: ``` $googleAuth = new GoogleAuthenticator(); $googleAuth->setCache($cacheItemPoolInterface); $googleAuth->authenticate($secret, $code); ``` If the code has been used for that secret in the last 30 seconds, it will return false. Examples -------- [](#examples) An example working implementation of this code can be found in the example.php file, which can be run either as: ``` php example.php ``` Which will allow you to generate a secret, then test it, or: ``` php example.php mysecretcode ``` Which will allow you to take an already existing code and again, test if your code is valid References ---------- [](#references) Other PHP Google Authenticator implementations: - - Specification for Google Authenticator: - ### Health Score 44 — FairBetter than 92% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity53 Moderate usage in the ecosystem Community22 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor1 Top contributor holds 78.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~159 days Recently: every ~216 days Total 13 Last Release 1820d ago Major Versions 1.1.1 → 2.0.02018-05-24 ### Community Maintainers ![](https://www.gravatar.com/avatar/194d1fe23e2566b3c00d0edf69239351d6c7b442abb17c8e92f8f4d1b58945af?d=identicon)[Dolondro](/maintainers/Dolondro) --- Top Contributors [![dochne](https://avatars.githubusercontent.com/u/1678803?v=4)](https://github.com/dochne "dochne (29 commits)")[![biozshock](https://avatars.githubusercontent.com/u/169384?v=4)](https://github.com/biozshock "biozshock (3 commits)")[![bugreportuser](https://avatars.githubusercontent.com/u/37939393?v=4)](https://github.com/bugreportuser "bugreportuser (1 commits)")[![csbarker-jobadder](https://avatars.githubusercontent.com/u/94833755?v=4)](https://github.com/csbarker-jobadder "csbarker-jobadder (1 commits)")[![jdreesen](https://avatars.githubusercontent.com/u/424602?v=4)](https://github.com/jdreesen "jdreesen (1 commits)")[![nitinsbuzz](https://avatars.githubusercontent.com/u/19207271?v=4)](https://github.com/nitinsbuzz "nitinsbuzz (1 commits)")[![samnela](https://avatars.githubusercontent.com/u/1852108?v=4)](https://github.com/samnela "samnela (1 commits)") ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/dolondro-google-authenticator/health.svg) ``` [![Health](https://phpackages.com/badges/dolondro-google-authenticator/health.svg)](https://phpackages.com/packages/dolondro-google-authenticator) ``` ### Alternatives [google/auth Google Auth Library for PHP 1.4k272.7M162](/packages/google-auth)[friendsofsymfony/oauth-server-bundle Symfony2 OAuth Server Bundle 1.1k15.1M133](/packages/friendsofsymfony-oauth-server-bundle)[kreait/firebase-tokens A library to work with Firebase tokens 24040.8M14](/packages/kreait-firebase-tokens)[auth0/login Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints. 2745.0M3](/packages/auth0-login)[nucleos/user-bundle Lightweight user management for symfony 61380.7k5](/packages/nucleos-user-bundle)[enygma/gauth PHP library to generate codes compatible with the Google Authenticator clients 75129.0k1](/packages/enygma-gauth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)