PHPackages nalyar-ulryck/two-factor-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. nalyar-ulryck/two-factor-auth ActiveLibrary[Authentication & Authorization](/categories/authentication) nalyar-ulryck/two-factor-auth ============================= A Laravel package for two-factor authentication 1.1.0(1y ago)183↓100%MITPHPPHP ^8.0 Since Dec 13Pushed 2mo ago1 watchersCompare [ Source](https://github.com/nalyar-ulryck/two-factor-auth)[ Packagist](https://packagist.org/packages/nalyar-ulryck/two-factor-auth)[ RSS](/packages/nalyar-ulryck-two-factor-auth/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (3)Versions (3)Used By (0) Two Factor Authentication Package for Laravel ============================================= [](#two-factor-authentication-package-for-laravel) A Laravel package that provides Two Factor Authentication (2FA) using TOTP (Time-based One-Time Password) with Google Authenticator–compatible apps. It supports both **Blade (monolith)** and **API** stacks. Features -------- [](#features) - **TOTP 2FA** — Generate and validate one-time codes via [Google2FA](https://github.com/antonioribeiro/google2fa). - **QR Code** — Display QR codes for easy setup in authenticator apps (e.g. Google Authenticator). - **Enable & verify** — Flow to enable 2FA for users and verify codes on login. - **Middleware** — Protect routes so that 2FA is required after login. - **Dual stack** — Install either Blade views (monolith) or API-only resources via `2fa:install`. - **Configurable** — Redirect after verification and other options in `config/twofactor.php`. - **Migrations** — Adds `google2fa_secret` to the `users` table. Requirements ------------ [](#requirements) - PHP ^8.1 - Laravel ^10.10 - [pragmarx/google2fa-laravel](https://github.com/antonioribeiro/google2fa-laravel) ^2.2 - [bacon/bacon-qr-code](https://github.com/Bacon/BaconQrCode) ^3.0 Installation ------------ [](#installation) ### 1. Require the package [](#1-require-the-package) Add the package path to your project's `composer.json`: ``` "repositories": [ { "type": "path", "url": "./packages/NalyarUlryck/two-factor-auth" } ] ``` Then install: ``` composer require nalyar-ulryck/two-factor-auth ``` ### 2. Publish configuration (optional) [](#2-publish-configuration-optional) To customize redirects and other options: ``` php artisan vendor:publish --tag=config ``` Edit `config/twofactor.php` as needed (e.g. `redirect_after_verify2fa`). ### 3. Run migrations [](#3-run-migrations) Add the `google2fa_secret` column to your `users` table: ``` php artisan migrate ``` ### 4. Install the 2FA stack [](#4-install-the-2fa-stack) Choose either Blade (full UI) or API-only: ``` # Blade stack (views, routes, middleware wiring) php artisan 2fa:install blade # API-only stack php artisan 2fa:install api ``` Follow the on-screen instructions to add the middleware to the routes you want to protect. Configuration ------------- [](#configuration) KeyDescription`routes.redirect_after_verify2fa`Route name to redirect to after successful 2FA verification (default: `home`).Config file: `config/twofactor.php` (after publishing). Usage ----- [](#usage) ### Protecting routes [](#protecting-routes) Apply the `twofactor` middleware to routes that require 2FA: ``` Route::middleware(['auth', 'twofactor'])->group(function () { Route::get('/dashboard', ...)->name('home'); // ... }); ``` - If the user has no `google2fa_secret`, they are shown the **enable 2FA** flow (or API response). - If they have a secret but haven’t verified in this session, they are shown the **verify 2FA** page (or API response). - After successful verification, `2fa_authenticated` is set in the session and they can access protected routes. ### Package routes (under `twofactor` prefix) [](#package-routes-under-twofactor-prefix) MethodURINameDescriptionGET`/twofactor/enable-2fa``enable2fa`Get QR code / enable 2FAPOST`/twofactor/verify-2fa``verify2fa`Verify OTP (enable or login)GET`/twofactor/verify-2fa``verify-2fa`Show verify 2FA pagePOST`/twofactor/back-login``back-login`Logout and redirect to loginAll are under `web` and `auth` middleware. ### User model [](#user-model) Ensure your `User` model has a nullable `google2fa_secret` column (added by the package migration). No trait is required; the package uses `Auth::user()` and `User::find($id)`. License ------- [](#license) MIT. See [LICENSE](LICENSE) if present. Author ------ [](#author) **Nalyar Ulryck** — ### Health Score 37 — LowBetter than 82% of packages Maintenance75 Regular maintenance activity Popularity12 Limited adoption so far Community7 Small or concentrated contributor base Maturity44 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~132 days Total 2 Last Release 378d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/b786ebe5067c12595c136f24a4b41cabe419508a5e6854068414d8fa030cbe2c?d=identicon)[NalyarUlryck](/maintainers/NalyarUlryck) --- Top Contributors [![nalyar-ulryck](https://avatars.githubusercontent.com/u/118578498?v=4)](https://github.com/nalyar-ulryck "nalyar-ulryck (45 commits)") ### Embed Badge ![Health badge](/badges/nalyar-ulryck-two-factor-auth/health.svg) ``` [![Health](https://phpackages.com/badges/nalyar-ulryck-two-factor-auth/health.svg)](https://phpackages.com/packages/nalyar-ulryck-two-factor-auth) ``` ### Alternatives [lab404/laravel-impersonate Laravel Impersonate is a plugin that allows to you to authenticate as your users. 2.3k16.4M48](/packages/lab404-laravel-impersonate)[overtrue/laravel-follow User follow unfollow system for Laravel. 1.2k404.7k5](/packages/overtrue-laravel-follow)[laragear/two-factor On-premises 2FA Authentication for out-of-the-box. 339785.3k8](/packages/laragear-two-factor)[stephenjude/filament-two-factor-authentication Filament Two Factor Authentication: Google 2FA + Passkey Authentication 81158.7k4](/packages/stephenjude-filament-two-factor-authentication) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)