PHPackages mix-code/filament-multi-2fa - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. mix-code/filament-multi-2fa ActiveLibrary[Authentication & Authorization](/categories/authentication) mix-code/filament-multi-2fa =========================== Implementing Email OTP and Authenticator App 2FA Logic with Trusted Devices Support v1.3.0(12mo ago)75.0k↓29.5%4MITPHPPHP ^8.1CI passing Since Mar 20Pushed 12mo ago2 watchersCompare [ Source](https://github.com/mix-code/filament-multi-2fa)[ Packagist](https://packagist.org/packages/mix-code/filament-multi-2fa)[ Docs](https://github.com/mix-code/filament-multi-2fa)[ GitHub Sponsors](https://github.com/mix-code)[ RSS](/packages/mix-code-filament-multi-2fa/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (6)Dependencies (12)Versions (8)Used By (0) Filament Multi 2FA ================== [](#filament-multi-2fa) [![Latest Version on Packagist](https://camo.githubusercontent.com/4391d0574f44a5010678cc04b991711dca8efe516110b98ce69f91f22d009c85/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d69782d636f64652f66696c616d656e742d6d756c74692d3266613f7374796c653d666c61742d737175617265)](https://packagist.org/packages/mix-code/filament-multi-2fa)[![GitHub Tests Action Status](https://camo.githubusercontent.com/3c718137628cc1585ab12c010ddcea1195ed077e920a004f936e11f15085bfc4/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6d69782d636f64652f66696c616d656e742d6d756c74692d3266612f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/mix-code/filament-multi-2fa/actions?query=workflow%3Arun-tests+branch%3Amain)[![GitHub Code Style Action Status](https://camo.githubusercontent.com/25b5d367c2a443b2b35580fb99dd717f3b3b83c0e68454257de29f610c0e9154/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6d69782d636f64652f66696c616d656e742d6d756c74692d3266612f6669782d7068702d636f64652d7374796c652d6973737565732e796d6c3f6272616e63683d6d61696e267374796c653d666c61742d737175617265)](https://github.com/mix-code/filament-multi-2fa/actions/workflows/fix-php-code-style-issues.yml?query=workflow%3A%22Fix+PHP+code+styling+issues%22+branch%3Amain)[![Total Downloads](https://camo.githubusercontent.com/5932f9a1bcd4495c33d0067a5414d2a39867746455741933137ea6295ebdf0ea/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d69782d636f64652f66696c616d656e742d6d756c74692d3266612e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/mix-code/filament-multi-2fa) Implementing Email OTP and Authenticator App 2FA logic with Trusted Devices support. Features -------- [](#features) Installation ------------ [](#installation) You can install the package via composer: ``` composer require mix-code/filament-multi-2fa ``` Install plugin configs and migrations: ``` php artisan filament-multi-2fa:install ``` Optionally, you can publish the lang files with: ``` php artisan vendor:publish --tag="filament-multi-2fa-translations" ``` Optionally, you can publish the views using: ``` php artisan vendor:publish --tag="filament-multi-2fa-views" ``` Usage ----- [](#usage) ### 1️⃣ Register the plugin in your Filament Panel [](#1️⃣-register-the-plugin-in-your-filament-panel) In your PanelProvider (e.g., AdminPanelProvider): ``` public function panel(Panel $panel): Panel { return $panel // other panel setup... ->plugins([ // ... \MixCode\FilamentMulti2fa\FilamentMulti2faPlugin::make(), ]); } ``` Force 2FA setup: ``` public function panel(Panel $panel): Panel { return $panel ->plugins([ \MixCode\FilamentMulti2fa\FilamentMulti2faPlugin::make() ->forceSetup2fa(), ]); } ``` ### 2️⃣ Configure User Model [](#2️⃣-configure-user-model) In your `User` model, use the `UsingTwoFA` trait, guarded attributes and casts: ``` use MixCode\FilamentMulti2fa\Traits\UsingTwoFA; use MixCode\FilamentMulti2fa\Enums\TwoFactorAuthType; class User extends Authenticatable { use UsingTwoFA; protected $guarded = [ 'two_factor_type', 'two_factor_secret', 'two_factor_recovery_codes', 'two_factor_sent_at', 'two_factor_expires_at', 'two_factor_confirmed_at', ]; protected $casts = [ 'two_factor_type' => TwoFactorAuthType::class, 'two_factor_sent_at' => 'datetime', 'two_factor_expires_at' => 'datetime', 'two_factor_confirmed_at' => 'datetime', ]; // ... } ``` You can also configure redirection after OTP verification by overriding `redirectAfterVerifyUrl`: ``` public function redirectAfterVerifyUrl(): ?string { return route('home'); } ``` To list user trusted devices: ``` $user->trustedDevices(); ``` ### 3️⃣ Features Automatically Handled by the Plugin: [](#3️⃣-features-automatically-handled-by-the-plugin) - 🛡️ 2FA Setup Page (users can select Email OTP or Authenticator App) - 🔑 OTP Verification Page to protect access based on trusted device and 2FA status - 🖥 Trusted Device Middleware to check trusted device cookies and enforce OTP verification - 🔐 Adds a shortcut in the user menu to access the 2FA setup page ### 4️⃣ Automatic Logout Handling [](#4️⃣-automatic-logout-handling) When users log out, the plugin clears their `two_factor_confirmed_at` column automatically: ``` Event::listen(Logout::class, function ($event) { $user = $event->user; if ($user) { $user->two_factor_confirmed_at = null; $user->save(); } }); ``` ### 5️⃣ Customize settings from the config file [](#5️⃣-customize-settings-from-the-config-file) ``` return [ /* |-------------------------------------------------------------------------- | Models Configuration |-------------------------------------------------------------------------- | | Define the models used by the package here. These models will be used | for users and trusted device storage. | */ 'user_model' => \App\Models\User::class, 'trust_device_model' => \MixCode\FilamentMulti2fa\Models\TrustDevice::class, /* |-------------------------------------------------------------------------- | Notifications |-------------------------------------------------------------------------- | | Specify the notification class responsible for sending the OTP code | to the user. | */ 'otp_notification_class' => \MixCode\FilamentMulti2fa\Notifications\TwoFactorCodeNotification::class, /* |-------------------------------------------------------------------------- | QR Code Rendering Backend |-------------------------------------------------------------------------- | | Choose the QR code rendering service to generate the QR Code for TOTP. | | Supported Services: | | 1. BaconQrCode (default): | - Renders PNG (inline or file) | - Requires the Imagick PHP extension (depending on backend) | - Can render SVG with custom setup, but PNG is common default | | 2. chillerlan/php-qrcode: | - Outputs base64-encoded PNG by default | - Supports SVG rendering via OUTPUT_MARKUP_SVG | - Does NOT require Imagick or GD by default for PNG base64 | - Other formats (PNG file, SVG file) may require GD/Imagick if saved to disk | */ // Default to BaconQrCode 'qr_code_backend_service' => \PragmaRX\Google2FAQRCode\QRCode\Bacon::class, // To use chillerlan/php-qrcode (SVG by default), uncomment below: // 'qr_code_backend_service' => \PragmaRX\Google2FAQRCode\QRCode\Chillerlan::class, /* |-------------------------------------------------------------------------- | OTP Settings |-------------------------------------------------------------------------- | | OTP Specific Settings From the view of the notification to the resend remains. | */ 'otp_view' => 'filament-multi-2fa::emails.2fa.otp', 'otp_resend_time_format' => '%i:%S', // 1:15 'otp_resend_allowed_after_in_seconds' => 60 * 1, // 1 Minute 'otp_expiration_in_seconds' => 60 * 10, // 10 Minute /* |-------------------------------------------------------------------------- | Trusted Device Settings |-------------------------------------------------------------------------- | | Configure trusted device cookie settings, including cookie name, | lifespan in minutes, and cache settings to minimize DB hits. | */ 'trusted_device_cookie_name' => 'trusted_device', // Duration (in minutes) before a trusted device expires in the database 'trusted_device_db_expiration' => 60 * 24 * 30, // 30 days // Duration (in minutes) before a trusted device cookie expires 'trusted_device_cookie_lifespan' => 60 * 24 * 30, // 30 days // Duration (in minutes) to cache trusted device checks to reduce DB queries 'trust_device_check_cache_lifespan' => 60 * 24 * 30, // 30 days ]; ``` 📝 **Notes:** - The plugin automatically injects the `CheckTrustedDevice` middleware to protect your Filament admin routes. - After OTP verification, users are redirected to the current panel’s dashboard. Testing ------- [](#testing) ``` composer test ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](.github/CONTRIBUTING.md) for details. Security Vulnerabilities ------------------------ [](#security-vulnerabilities) Please review [our security policy](../../security/policy) on how to report security vulnerabilities. Credits ------- [](#credits) - [Mohamed Alaa El-Din Mohamed](https://github.com/mix-code) - [Hamza Omar Mohamed](https://github.com/mix-code) - [All Contributors](../../contributors) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 39 — LowBetter than 86% of packages Maintenance50 Moderate activity, may be stable Popularity31 Limited adoption so far Community10 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~12 days Total 6 Last Release 362d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/10d476babd579e5a75399ebb785e0b1c25ad2dc9ae7b58f2242e8a87f4a4ac5e?d=identicon)[mix-code](/maintainers/mix-code) --- Top Contributors [![moaalaa](https://avatars.githubusercontent.com/u/22417282?v=4)](https://github.com/moaalaa "moaalaa (30 commits)") --- Tags laravelmix-codefilament-multi-2fa ### Code Quality TestsPest Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/mix-code-filament-multi-2fa/health.svg) ``` [![Health](https://phpackages.com/badges/mix-code-filament-multi-2fa/health.svg)](https://phpackages.com/packages/mix-code-filament-multi-2fa) ``` ### Alternatives [jeffgreco13/filament-breezy A custom package for Filament with login flow, profile and teams support. 1.0k1.7M41](/packages/jeffgreco13-filament-breezy)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[stephenjude/filament-two-factor-authentication Filament Two Factor Authentication: Google 2FA + Passkey Authentication 81158.7k4](/packages/stephenjude-filament-two-factor-authentication)[dutchcodingcompany/filament-socialite Social login for Filament through Laravel Socialite 213914.9k9](/packages/dutchcodingcompany-filament-socialite)[webbingbrasil/filament-2fa A 2FA plugin for filament. 4740.7k](/packages/webbingbrasil-filament-2fa)[marcelweidum/filament-passkeys Use passkeys in your filamentphp app 5925.8k](/packages/marcelweidum-filament-passkeys) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)