PHPackages                             mkd/laravel-otp - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. mkd/laravel-otp

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

mkd/laravel-otp
===============

Laravel package for generating and verifying One-Time Passwords (OTPs) using TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password) algorithms.

v0.0.1(1y ago)1871MITPHPPHP ^8.0CI passing

Since Oct 14Pushed 9mo ago2 watchersCompare

[ Source](https://github.com/mustafakhaleddev/laravel-otp)[ Packagist](https://packagist.org/packages/mkd/laravel-otp)[ Docs](https://github.com/mustafakhaleddev/laravel-advanced-otp)[ RSS](/packages/mkd-laravel-otp/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (1)Dependencies (2)Versions (2)Used By (0)

Laravel OTP
===========

[](#laravel-otp)

[![Latest Version on Packagist](https://camo.githubusercontent.com/004f9035eb1f36c4aa0321b2212fb8a649d38da832befd3d9899ac6041ddfaa1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d6b642f6c61726176656c2d6f74702e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/mkdev/laravel-advanced-otp)[![Total Downloads](https://camo.githubusercontent.com/facfe40c7e2c494a7c48a507d107acc75df03ae84b7f1f9a02333879e00a0980/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d6b642f6c61726176656c2d6f74702e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/mkdev/laravel-advanced-otp)[![GitHub Actions](https://github.com/mustafakhaleddev/laravel-otp/actions/workflows/phpunit.yml/badge.svg)](https://github.com/mustafakhaleddev/laravel-otp/actions/workflows/phpunit.yml/badge.svg)

A simple Laravel package for generating and verifying One-Time Passwords (OTPs) using TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password) algorithms.

Installation
------------

[](#installation)

You can install the package via Composer:

```
composer require mkd/laravel-otp
```

Example
-------

[](#example)

Scan This QR Code using Authenticator app

 [![My Image](https://camo.githubusercontent.com/3fdd69976a75bb916bacbf0bd4c1b0cce2fca4062424815fcddadc0250b54cab/68747470733a2f2f692e6962622e636f2f50685067316d362f6672616d652d312e706e67)](https://camo.githubusercontent.com/3fdd69976a75bb916bacbf0bd4c1b0cce2fca4062424815fcddadc0250b54cab/68747470733a2f2f692e6962622e636f2f50685067316d362f6672616d652d312e706e67)

Here's a simple example demonstrating how to generate and verify an OTP:

```
use MKD\LaravelOTP\LaravelOTP;

$secret = 'WSRNGQX4J57FL2POVHDAMBI6ZTK3CYUE'; // Base32 encoded secret
$otpService = LaravelOTP::make($secret);

// Generate current OTP
$currentOTP = $otpService->now();
echo "Current OTP: $currentOTP\n";

// Verify the OTP
$isValid = $otpService->verifyTOTP($currentOTP);
echo $isValid ? "OTP is valid!" : "OTP is invalid!";
```

Usage
-----

[](#usage)

### Creating an Instance

[](#creating-an-instance)

You can create an instance of the `LaravelOTP` class by providing a secret key:

```
use MKD\LaravelOTP\LaravelOTP;

$otpService = LaravelOTP::make('your-secret-key');
```

### Public Methods

[](#public-methods)

#### `now(): string`

[](#now-string)

Returns the current TOTP for the current timeframe.

```
$otp = $otpService->now();
```

#### `last(): string`

[](#last-string)

Returns the TOTP for the previous timeframe (30 seconds earlier).

```
$otp = $otpService->last();
```

#### `next(): string`

[](#next-string)

Returns the TOTP for the next timeframe (30 seconds later).

```
$otp = $otpService->next();
```

#### `at(int $offset = 0): string`

[](#atint-offset--0-string)

Returns the TOTP for a custom timeframe based on the provided offset. An offset of `0` returns the current TOTP, `-1` returns the last OTP, and `1` returns the next OTP.

```
$otp = $otpService->at(-1); // Last TOTP
$otp = $otpService->at(1);  // Next TOTP
```

#### `generateSecretKey(): string`

[](#generatesecretkey-string)

Generates a new secret key.

```
$secretKey = $otpService->generateSecretKey();
```

#### `atCounter(int $counter): string`

[](#atcounterint-counter-string)

Returns the HOTP for a specific counter value.

```
$otp = $otpService->atCounter(1); // OTP for counter 1
```

#### `verifyTOTP(string $otp, string|null $secret = null): bool`

[](#verifytotpstring-otp-stringnull-secret--null-bool)

Verifies a given TOTP against the current, previous, and next timeframes. If a secret key is provided, it overrides the current secret.

```
$isValid = $otpService->verifyTOTP('123456'); // Validate TOTP
```

#### `verifyHOTP(string $otp, int $counter, string|null $secret = null): bool`

[](#verifyhotpstring-otp-int-counter-stringnull-secret--null-bool)

Verifies a given HOTP against a specific counter. If a secret key is provided, it overrides the current secret.

```
$isValid = $otpService->verifyHOTP('123456', 1); // Validate HOTP for counter 1
```

Google Authenticator Compatible
-------------------------------

[](#google-authenticator-compatible)

#### `generateUrl(string $label, string $issuer, string $secretKey = null, int $counter = null): string`

[](#generateurlstring-label-string-issuer-string-secretkey--null-int-counter--null-string)

Generates an OTP Auth URL for use in generating a QR code. This URL can be used by OTP apps like Google Authenticator.

- **Parameters**:
    - `string $label`: A unique identifier for the OTP (usually the user's email or username).
    - `string $issuer`: The name of your application (used as the issuer for the OTP).
    - `string|null $secretKey`: An optional secret key. If not provided, the instance's secret key will be used.
    - `int|null $counter`: An optional counter for HOTP. If provided, the method will generate an HOTP URL instead of TOTP.

**Usage Example**:

```
$label = 'user@example.com';
$issuer = 'YourAppName';
$otpUrl = $otpService->generateUrl($label, $issuer);
echo "OTP Auth URL: $otpUrl" // otpauth://totp/Name?secret=WSRNGQX4J57FL2POVHDAMBI6ZTK3CYUE&issuer=APP;
```

License
-------

[](#license)

This package is licensed under the MIT License. See the [LICENSE](LICENSE) file for more information.

###  Health Score

28

—

LowBetter than 54% of packages

Maintenance48

Moderate activity, may be stable

Popularity13

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity34

Early-stage or recently created project

 Bus Factor1

Top contributor holds 93.8% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

574d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/25182746?v=4)[Mustafa Khaled](/maintainers/mustafakhaleddev)[@mustafakhaleddev](https://github.com/mustafakhaleddev)

---

Top Contributors

[![mustafakhaleddev](https://avatars.githubusercontent.com/u/25182746?v=4)](https://github.com/mustafakhaleddev "mustafakhaleddev (15 commits)")[![matiechaza](https://avatars.githubusercontent.com/u/50587234?v=4)](https://github.com/matiechaza "matiechaza (1 commits)")

---

Tags

2fagoogle-authenticatorgoogle-otphotplaravel-otpone-time-passwordone-time-passwordsotptotplaravelotpAuthentication2faTwo Factor Authenticationlaravel-packageone-time-passwordemail-verificationlaravel otpotp verificationToken verificationadvanced otplaravel otp verificationmkdevlaravel-advanced-otp

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/mkd-laravel-otp/health.svg)

```
[![Health](https://phpackages.com/badges/mkd-laravel-otp/health.svg)](https://phpackages.com/packages/mkd-laravel-otp)
```

###  Alternatives

[tzsk/otp

A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel.

241641.4k1](/packages/tzsk-otp)[ellaisys/aws-cognito

AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP

120220.7k1](/packages/ellaisys-aws-cognito)[remotemerge/totp-php

Lightweight, fast, and secure TOTP (2FA) authentication library for PHP — battle tested, dependency free, and ready for enterprise integration.

2010.2k](/packages/remotemerge-totp-php)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)