medo19/otp-shield
=================

A Laravel plug-n-play OTP/TOTP package

v1.0.6 (8mo ago) | MIT | PHP ^8.1

[Source](https://github.com/Eng-MuhammadAbdulrazek/otp-shield) | [Packagist](https://packagist.org/packages/medo19/otp-shield)

OTPSHIELD
=========

**OTPSHIELD** is a professional, plug-n-play **OTP/TOTP package for Laravel**. It provides secure, time-based OTPs with:

- Polymorphic OTP storage (supports users, admins, devices, etc.)
- Encrypted secrets
- Middleware for route protection
- SVG QR code generation for Google Authenticator, Authy, etc.
- Artisan commands for management
- Configurable period, digits, and lockout policies

---

📦 Installation
--------------

Require the package and dependencies via Composer:

```
composer require medo19/otp-shield
```

If package auto-discovery is disabled, register the service provider and facade alias manually:

```
// config/app.php
'providers' => [
    ...
    OtpShield\OtpShieldServiceProvider::class,
],
'aliases' => [
    ...
    'OtpShield' => OtpShield\Facades\OtpShield::class,
],
```

Publish the configuration and migrations:

```
php artisan vendor:publish --provider="OtpShield\OtpShieldServiceProvider" --tag="config"
php artisan migrate
```

---

⚙️ Configuration
----------------

`config/otp-shield.php` contains:

```
return [
    'digits' => 6,            // Number of OTP digits
    'period' => 30,           // Validity period in seconds
    'algorithm' => 'sha1',    // Hash algorithm
    'issuer' => env('APP_NAME', 'Laravel App'),
    'max_attempts' => 5,      // Max failed attempts before lockout
    'lockout_time' => 300,    // Lockout duration in seconds
    'default_otp_type' => 'totp',  // 'totp' or 'hotp' (default: 'totp')
];
```
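What `digits`, `period` and `algorithm` control in RFC 6238 terms, as an added example that is not OTPSHIELD's own code. The function names, the `$window` drift allowance and the raw (non-Base32) RFC test key are assumptions of this sketch.

```php
<?php
// Added example: RFC 6238 TOTP driven by the same keys as config/otp-shield.php.
// Standalone sketch; it does not call or reproduce OTPSHIELD's internals.

function totp(string $secret, int $timestamp, array $cfg): string
{
    // Moving factor: number of whole periods since the Unix epoch.
    $counter = intdiv($timestamp, $cfg['period']);
    // RFC 4226: the counter is HMAC'd as an 8-byte big-endian integer.
    $hmac = hash_hmac($cfg['algorithm'], pack('J', $counter), $secret, true);
    // Dynamic truncation: low nibble of the last byte selects a 4-byte slice.
    $offset = ord($hmac[strlen($hmac) - 1]) & 0x0F;
    $bin = unpack('N', substr($hmac, $offset, 4))[1] & 0x7FFFFFFF;
    $code = $bin % (10 ** $cfg['digits']);
    return str_pad((string) $code, $cfg['digits'], '0', STR_PAD_LEFT);
}

// $window (hypothetical parameter) is the number of periods of clock drift tolerated.
function verifyTotp(string $secret, string $input, int $now, array $cfg, int $window = 1): bool
{
    $ok = false;
    // Compare in constant time and never return early, so response timing
    // does not reveal which time step (if any) matched.
    for ($i = -$window; $i <= $window; $i++) {
        $candidate = totp($secret, $now + $i * $cfg['period'], $cfg);
        $ok = hash_equals($candidate, $input) || $ok;
    }
    return $ok;
}

$cfg = ['digits' => 6, 'period' => 30, 'algorithm' => 'sha1'];
$secret = '12345678901234567890'; // RFC 6238 test key, raw bytes (not Base32)

// RFC 6238 Appendix B lists 94287082 for SHA-1 at T = 59 with 8 digits.
var_dump(totp($secret, 59, ['digits' => 8] + $cfg) === '94287082');
// The same time step with the configured 6 digits.
var_dump(totp($secret, 59, $cfg));
// A code from one period ahead of "now" falls inside the drift window.
var_dump(verifyTotp($secret, totp($secret, 89, $cfg), 59, $cfg));
// A code from three periods ahead falls outside it.
var_dump(verifyTotp($secret, totp($secret, 149, $cfg), 59, $cfg));
```

A code accepted once stays valid for the rest of its period unless the last accepted counter is stored and reuse is refused; this sketch keeps no such state.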

---

🧩 Usage in Models
-----------------

Add the trait and contract to your User model:

```
use OtpShield\Traits\HasOtp;
use OtpShield\Contracts\OtpAuthenticatable;

class User extends Authenticatable implements OtpAuthenticatable
{
    use HasOtp;
}
```

---

🔑 Enable OTP
------------

```
$otp = $user->enableOtp();
```

---

🖼 Generate QR Code (SVG)
------------------------

```
$qrSvg = $user->getOtpQrCode(); // returns SVG string

// Embed in a view; the SVG markup must be output unescaped
echo $qrSvg;
```

Or via the facade directly:

```
use OtpShield\Facades\OtpShield;
$qrSvg = OtpShield::provisioningQr($secret, $user->email, config('otp-shield.issuer'));
```

---

✅ Verify OTP
------------

```
$isValid = $user->verifyOtp('123456'); // true/false
```

---

🛡 Middleware Protection
-----------------------

```
Route::middleware(['auth', \OtpShield\Middleware\EnsureOtpVerified::class])
    ->group(function () {
        Route::get('/secure-data', [SecureDataController::class, 'index']);
    });
```

---

🛠 Artisan Commands
------------------

- **Enable OTP:**

```
php artisan otp-shield:enable {user_id}
```

- **Disable OTP:**

```
php artisan otp-shield:disable {user_id}
```

- **Verify OTP manually:**

```
php artisan otp-shield:verify {user_id} {code}
```

- **Generate QR code for API / frontend (SVG):**

```
php artisan otp-shield:generate-qr {user_id} --file=optional.png
```

---

💡 Best Practices
----------------

1. **Always encrypt secrets** — OTPSHIELD handles this automatically.
2. **Use middleware** to protect sensitive routes.
3. **Return QR as SVG** in APIs for dynamic frontend rendering.
4. **Monitor failed attempts** to prevent brute-force attacks.
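How a `max_attempts` / `lockout_time` policy bounds brute-force guessing, as an added example that is not OTPSHIELD's own code. `OtpAttemptLimiter`, `dailyGuessSuccess`, the in-memory state and the stand-in verifier are hypothetical; a real deployment keeps this state per account in persistent storage.

```php
<?php
// Added example: limiter mirroring 'max_attempts' and 'lockout_time'.
// Hypothetical class with in-memory state; OTPSHIELD's own logic may differ.
final class OtpAttemptLimiter
{
    private int $failures = 0;
    private int $lockedUntil = 0;

    public function __construct(private int $maxAttempts, private int $lockoutTime) {}

    public function attempt(callable $check, string $code, int $now): bool
    {
        if ($now < $this->lockedUntil) {
            return false; // locked: reject without evaluating the code
        }
        if ($check($code)) {
            $this->failures = 0;
            return true;
        }
        if (++$this->failures >= $this->maxAttempts) {
            $this->lockedUntil = $now + $this->lockoutTime;
            $this->failures = 0;
        }
        return false;
    }
}

// Chance that blind guessing hits a valid code within one day, given the
// guess budget the lockout allows (one accepted code per guess assumed).
function dailyGuessSuccess(int $digits, int $maxAttempts, int $lockoutTime): float
{
    $guesses = $maxAttempts * intdiv(86400, $lockoutTime);
    return 1 - (1 - 1 / 10 ** $digits) ** $guesses;
}

$limiter = new OtpAttemptLimiter(5, 300);   // values from config/otp-shield.php
$check = fn (string $c): bool => hash_equals('287082', $c); // constructed stand-in verifier
$t = 1000;                                   // constructed timestamp
for ($i = 0; $i < 5; $i++) {
    $limiter->attempt($check, '000000', $t); // five wrong codes trigger the lockout
}
var_dump($limiter->attempt($check, '287082', $t + 299)); // still inside lockout_time
var_dump($limiter->attempt($check, '287082', $t + 300)); // lockout has expired
printf("%.4f%%\n", 100 * dailyGuessSuccess(6, 5, 300));
```

Accepting neighbouring time steps for clock drift multiplies the number of valid codes per guess, so the per-day figure scales with the size of that window.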

---

🧪 Example Workflow
------------------

```
// 1. Enable OTP
$otp = $user->enableOtp();

// 2. Generate QR code for frontend
$qrSvg = $user->getOtpQrCode();

// 3. Display QR code for scanning in app
echo $qrSvg;

// 4. User scans QR in Google Authenticator

// 5. Verify OTP code during login
$isValid = $user->verifyOtp($inputOtp);

if ($isValid) {
    // Grant access
}
```

---

🌐 Supported Apps
----------------

- Google Authenticator
- Authy
- Microsoft Authenticator
- Any TOTP-compatible app

---

⚡ Summary
---------

**OTPSHIELD** makes adding **secure, TOTP-based authentication** to Laravel **fast and reliable**, with minimal setup, modern SVG QR codes, and robust security features.
