PHPackages                             mydaniel/laravel-temporary-tokens - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. mydaniel/laravel-temporary-tokens

ActiveLaravel-package[Security](/categories/security)

mydaniel/laravel-temporary-tokens
=================================

A flexible Laravel package to generate, manage, and validate temporary tokens, OTPs, or pins.

v1.0.1(5mo ago)03MITPHPPHP ^8.2|^8.3|^8.4

Since Aug 20Pushed 5mo agoCompare

[ Source](https://github.com/daniyousefifar/laravel-temporary-tokens)[ Packagist](https://packagist.org/packages/mydaniel/laravel-temporary-tokens)[ RSS](/packages/mydaniel-laravel-temporary-tokens/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (2)Dependencies (3)Versions (3)Used By (0)

Laravel Temporary Tokens
========================

[](#laravel-temporary-tokens)

[![Latest Version on Packagist](https://camo.githubusercontent.com/56a44083a036e414cf338311a1d857d66f5754b8c45b39e5782f365796b17a1d/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d7964616e69656c2f6c61726176656c2d74656d706f726172792d746f6b656e732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/mydaniel/laravel-temporary-tokens)[![Total Downloads](https://camo.githubusercontent.com/51f665f995258682954a5f5d16b1f972709b3a8065a6cb4b8b888c48f8aee661/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d7964616e69656c2f6c61726176656c2d74656d706f726172792d746f6b656e732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/mydaniel/laravel-temporary-tokens)[![License](https://camo.githubusercontent.com/4665410d26d3c1440616e9152e59721c7471cdd93463312ca202ae8ee436467e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f6d7964616e69656c2f6c61726176656c2d74656d706f726172792d746f6b656e732e7376673f7374796c653d666c61742d737175617265)](https://github.com/daniyousefifar/laravel-temporary-tokens/blob/main/LICENSE.md)

A simple and flexible Laravel package that allows you to generate, manage, and validate temporary tokens, One-Time Passwords (OTPs), or PINs for tasks like authentication, email verification, password resets, and more.

Features
--------

[](#features)

- Generate numeric tokens of any length.
- Set expiration dates for tokens.
- Limit the number of times a token can be used.
- Attach arbitrary data (metadata) to any token.
- Associate tokens with any Eloquent model (e.g., `User`).
- Includes an Artisan command to automatically prune expired tokens.
- Fully configurable with no external dependencies.

Installation
------------

[](#installation)

You can install the package via Composer:

```
composer require mydaniel/laravel-temporary-tokens
```

Next, you should publish the configuration and migration files using the `vendor:publish` command:

```
php artisan vendor:publish --provider="MyDaniel\TemporaryTokens\TemporaryTokensServiceProvider"
```

Finally, run the migration to create the `temporary_tokens` table:

```
php artisan migrate
```

Usage
-----

[](#usage)

### 1. Preparing Your Model

[](#1-preparing-your-model)

First, add the `HasTemporaryTokens` trait to the model you wish to generate tokens for (e.g., your `User` model).

```
namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;
use MyDaniel\TemporaryTokens\Traits\HasTemporaryTokens;

class User extends Authenticatable
{
    use HasTemporaryTokens;

    // ...
}
```

### 2. Creating a Token

[](#2-creating-a-token)

You can easily create new tokens using the fluent `TokenBuilder`.

**Create a simple 6-digit token for a user:**

```
$user = User::find(1);

// The `temporaryTokenBuilder` method comes from the HasTemporaryTokens trait
$temporaryToken = $user->temporaryTokenBuilder()->create();

echo $temporaryToken->token; // e.g., "123456"
```

**Create a token with custom settings:**

```
$user = User::find(1);

$temporaryToken = $user->temporaryTokenBuilder()
    ->setType('email-verification')       // Set a token type
    ->setTokenLength(5)                   // Generate a 5-digit token
    ->setUsageLimit(1)                    // Allow the token to be used only once
    ->setExpireDate(now()->addMinutes(15)) // Set a 15-minute expiration
    ->setMetadata(['source' => 'registration']) // Attach custom data
    ->create();
```

### 3. Finding and Validating a Token

[](#3-finding-and-validating-a-token)

To find and check the validity of a token, you can use the methods on the `TemporaryToken` model.

```
use MyDaniel\TemporaryTokens\Models\TemporaryToken;

$userToken = '123456';
$tokenType = 'email-verification';

// Find a token that is not expired and has not exceeded its usage limit
$token = TemporaryToken::findValid($userToken, $tokenType);

if ($token) {
    // The token is valid
    echo "Token is valid!";

    // You can also check if the token belongs to the correct user
    if ($token->tokenable_id === $user->id) {
        // ...
    }
}
```

The `isValid()` method is also available on a `TemporaryToken` instance to perform the same check:

```
if ($token && $token->isValid()) {
    // ...
}
```

### 4. Using a Token

[](#4-using-a-token)

After a token has been successfully used, you can increment its usage counter.

```
// Mark the token as "used"
$token->use();

// If the token reaches its usage limit, `hasExceededMaxUsage()` will return true
if ($token->hasExceededMaxUsage()) {
    echo "This token cannot be used anymore.";
}
```

Pruning Expired Tokens
----------------------

[](#pruning-expired-tokens)

You can remove expired tokens from your database by running the provided Artisan command.

```
php artisan temporary-tokens:prune-expired
```

By default, this command will prune tokens that expired more than 24 hours ago. To customize this, you can either use the `--hours` option or change the `prune_expired_after_hours` value in the `config/temporary-tokens.php` file.

```
# Prune tokens that expired more than 48 hours ago
php artisan temporary-tokens:prune-expired --hours=48
```

It is recommended to schedule this command to run daily in your `app/Console/Kernel.php` file.

```
// app/Console/Kernel.php
protected function schedule(Schedule $schedule)
{
    $schedule->command('temporary-tokens:prune-expired')->daily();
}
```

Changelog
---------

[](#changelog)

Please see [CHANGELOG.md](CHANGELOG.md) for more information on what has changed recently.

Contributing
------------

[](#contributing)

Contributions are welcome! Please feel free to fork the repository and submit a pull request.

Security Vulnerabilities
------------------------

[](#security-vulnerabilities)

If you discover a security vulnerability within this package, please send an e-mail to Daniel Yousefi Far at `daniyousefifar@gmail.com`. All security vulnerabilities will be promptly addressed.

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

36

—

LowBetter than 82% of packages

Maintenance70

Regular maintenance activity

Popularity3

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity54

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~90 days

Total

2

Last Release

174d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/d44388ec13369a9d7c4f7e3a81d5fb52269f260a77c10aad4ce6cbe3f2969942?d=identicon)[mydaniel](/maintainers/mydaniel)

---

Top Contributors

[![daniyousefifar](https://avatars.githubusercontent.com/u/38884107?v=4)](https://github.com/daniyousefifar "daniyousefifar (3 commits)")

---

Tags

laravelotpsecuritytokentemporarypin

### Embed Badge

![Health badge](/badges/mydaniel-laravel-temporary-tokens/health.svg)

```
[![Health](https://phpackages.com/badges/mydaniel-laravel-temporary-tokens/health.svg)](https://phpackages.com/packages/mydaniel-laravel-temporary-tokens)
```

###  Alternatives

[tzsk/otp

A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel.

241641.4k1](/packages/tzsk-otp)[ercsctt/laravel-file-encryption

Secure file encryption and decryption for Laravel applications

642.6k](/packages/ercsctt-laravel-file-encryption)[alajusticia/laravel-logins

Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser

2011.0k](/packages/alajusticia-laravel-logins)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)