PHPackages lp2/laravel-passport-2fa - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. lp2/laravel-passport-2fa ActiveLibrary[Authentication & Authorization](/categories/authentication) lp2/laravel-passport-2fa ======================== working with 2fa use laravel passport 15134PHP Since Mar 27Pushed 4y ago1 watchersCompare [ Source](https://github.com/Daheimm/laravel-passport-2fa)[ Packagist](https://packagist.org/packages/lp2/laravel-passport-2fa)[ RSS](/packages/lp2-laravel-passport-2fa/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Package to work with two-factor authentication along with laravel passport In your Users model you should add ``` use TwoFactorAuthentication ``` run the migrations ``` php artisan migrate ``` they will add three fields to the users table,also add them to fillable ``` 'google2fa_secret', 'google2fa_recovery_codes', 'google2fa_enable', ``` You now have these routers available, routers are secured by default Route::middleware('auth:api') ``` POST two-factor-authentication DELETE two-factor-authentication/{user} GET|HEAD two-factor-qr-code GET|HEAD two-factor-recovery-codes ``` How it works We always get a unique ik-svu until it is enabled. Enabled using a code obtained from the Google authorization of the application ``` GET|HEAD two-factor-qr-code ``` Enables and disables 2FA, but backup codes can be used to disable it. ``` POST two-factor-authentication DELETE two-factor-authentication/{user} ``` List of backup codes, they have statuses for display on the frontend. ``` GET|HEAD two-factor-recovery-codes { "code": "DiAHiXyqsV-PZ2grE1huc", "active": false }, { "code": "jqzDmcYYmA-xCQiU75dyJ", "active": true }, ``` Now, when authorizing through a passport, you will have to add a code field to the request body. This is the code from the Google application or the backup code. This should work. When an access request comes in, we check to see if 2AF is enabled. Return if "status2FA" is enabled: true. further in the request body you have to send Example for auth url oauth/token ``` "grant_type" : "password", "client_id" : "2", "client_secret" : "6wAGwcP98VT90S5biQZjREIq4udQ7EhmwNrUzBkV", "username": "amosciski@example.com", "password": "password", "scope": "", "code":"DiAHiXyqsV-PZ2grE1huc" ``` Then you can get a token for further work. ### Health Score 19 — LowBetter than 10% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity17 Limited adoption so far Community6 Small or concentrated contributor base Maturity26 Early-stage or recently created project How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/c3e748bbaa6abe9645cc5f43253e15eab00a1df03b6a214948d03771ecaa0a5b?d=identicon)[Daheimm](/maintainers/Daheimm) ### Embed Badge ![Health badge](/badges/lp2-laravel-passport-2fa/health.svg) ``` [![Health](https://phpackages.com/badges/lp2-laravel-passport-2fa/health.svg)](https://phpackages.com/packages/lp2-laravel-passport-2fa) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)