PHPackages njoguamos/laravel-otp - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. njoguamos/laravel-otp ActiveLibrary[Authentication & Authorization](/categories/authentication) njoguamos/laravel-otp ===================== A composer package for generating and verifying One Time Passwords (OTP) in Laravel 11+. v2.0.1(2mo ago)84.2k↓50%1MITPHPPHP ^8.3 | ^8.4 | ^8.5CI passing Since Jul 25Pushed 2mo ago1 watchersCompare [ Source](https://github.com/njoguamos/laravel-otp)[ Packagist](https://packagist.org/packages/njoguamos/laravel-otp)[ Docs](https://github.com/njoguamos/laravel-otp)[ GitHub Sponsors](https://github.com/NjoguAmos)[ RSS](/packages/njoguamos-laravel-otp/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (24)Versions (42)Used By (0) A composer package for generating and verifying One Time Passwords (OTP) in Laravel 11+. ======================================================================================== [](#a-composer-package-for-generating-and-verifying-one-time-passwords-otp-in-laravel-11) [![Latest Version on Packagist](https://camo.githubusercontent.com/e765d38632c974179653566d80466dc0cb245f4b8ee11c4f44d28dcc3de29ba7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6e6a6f6775616d6f732f6c61726176656c2d6f74702e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/njoguamos/laravel-otp)[![run-tests](https://github.com/njoguamos/laravel-otp/actions/workflows/run-tests.yml/badge.svg)](https://github.com/njoguamos/laravel-otp/actions/workflows/run-tests.yml)[![Fix PHP code style issues](https://github.com/njoguamos/laravel-otp/actions/workflows/fix-php-code-style-issues.yml/badge.svg)](https://github.com/njoguamos/laravel-otp/actions/workflows/fix-php-code-style-issues.yml)[![Total Downloads](https://camo.githubusercontent.com/2f023ded5323cfe3d4312f5338413008d3f0d944deda3fe421e95786e1d6a709/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6e6a6f6775616d6f732f6c61726176656c2d6f74702e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/njoguamos/laravel-otp) A composer package for generating and verifying One Time Passwords (OTP) in Laravel 11+. Installation ------------ [](#installation) VersionSupported Laravel1.x11.x, 12.x2.x12.x, 13.xYou can install the package via composer: ``` composer require njoguamos/laravel-otp ``` You can publish and run the migrations with: ``` php artisan vendor:publish --tag="otp-migrations" php artisan migrate ``` You can publish the config file with: ``` php artisan vendor:publish --tag="otp-config" ``` This is the contents of the published config file:``` return [ /* |-------------------------------------------------------------------------- | OTP Length |-------------------------------------------------------------------------- | | This is the length of the generated OTP token. By default it is set to | 6 digits. The length of the OTP must be at least 4 digits to ensure | that the OTP is not easily guessable | */ 'length' => env(key: 'OPT_LENGTH', default: 6), /* |-------------------------------------------------------------------------- | OTP Validity time by minutes |-------------------------------------------------------------------------- | | This is the validity time of the generated OTP token. By default it is | set to 10 minutes. This means that the OTP will be valid for 10 minutes | after it is generated. You can change this value to suit your needs. | */ 'validity' => env(key: 'OTP_VALIDITY', default: 10), /* |-------------------------------------------------------------------------- | Digits Only |------------------------------------------------------------------------- | | When set to true, the generated OTP will only contain digits. When set | to false, the generated OTP will contain both digits and alphanumeric | characters which makes it more difficult to guess the OTP. | */ 'digits_only' => env(key: 'OTP_DIGITS_ONLY', default: true), ]; ``` Usage ----- [](#usage) ### Generate OTP [](#generate-otp) To generate an OTP, you can use the `generate()` method on the `Otp` class. . This method takes an `identifier` as a parameter. The `identifier` can be and email address, phone number, or any other unique identifier that you want to use to identify the user. ``` use NjoguAmos\Otp\Otp; $otp = Otp::generate(identifier: 'example@gmail.com'); $otp->identifier; # example@gmail.com $otp->token; # 123456 $otp->expires_in; # 10 minutes ``` The `generate()` method returns an instance of the `\NjoguAmos\Otp\Models\Otp` Eloquent Models class. You can access the `identifier`, `token`, and `expires_at` properties of the `Otp` class. For example: you can use the `token` property to send the OTP to the user's email address. ``` use NjoguAmos\Otp\Otp; use App\Mail\OTPMail; use Illuminate\Support\Facades\Mail; $email = 'example@gmail.com'; $otp = Otp::generate(identifier: $email); Mail::to($email)->send(new OTPMail($otp)); ``` ### Verify OTP [](#verify-otp) To verify an OTP, you can use the `validate()` method on the `Otp` class. This method takes an `identifier` and `token` as parameters. If the OTP is valid, the method will return `true`. Otherwise, it will return `false`. ``` use NjoguAmos\Otp\Otp; $email = 'example@gmail.com'; $otp = '123456'; $validated = Otp::validate(identifier: $email, token: $otp->token); $validated // True or False ``` Note It is advisable not to let the user know if the OTP does not match, or does not exist or expired. You can return a generic message to the user instead. ### Invalidating a Token [](#invalidating-a-token) It is highly recommended to invalid OTPs to avoid abuse. You can call `invalidate()` on the Otp object which deletes it from the database. ``` use NjoguAmos\Otp\Otp; $otp = Otp::generate(identifier: 'example@gmail.com'); $otp->invalidate(); ``` Note Please note that validating a token automatically invalidates it to avoid second time use ### Delete Expired OTPs [](#delete-expired-otps) To periodically delete expired OTPs, you can use the `model:prune` Artisan command. This command will delete all expired OTPs from the database. To do so, add `model:prune` to your `routes/console.php` file: ``` use Illuminate\Support\Facades\Schedule; use NjoguAmos\Otp\Models\Otp as OtpModel; Schedule::command('model:prune', ['--model' => [OtpModel::class]])->everyFiveMinutes(); ``` Tip Make sure the duration is greater than the validity time of the OTP. ### Security [](#security) Tip To prevent brute force attacks, rate limit the number of attempts to `generate` or `verify` an OTP tokens. This can be done by using the Laravel `RateLimit` middleware. User can verify tokens as long as they are valid. This means that the user can have multiple valid tokens. Once the token expires, it cannot be valid even if it still exists in the database. Schedule the `model:prune` command to run every 5 minutes to delete expired tokens. Testing ------- [](#testing) ``` composer test ``` Changelog --------- [](#changelog) Please see [RELEASE](https://github.com/njoguamos/laravel-otp/releases) for more information on what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. Security Vulnerabilities ------------------------ [](#security-vulnerabilities) Please review [our security policy](../../security/policy) on how to report security vulnerabilities. Credits ------- [](#credits) - [Njogu Amos](https://github.com/njoguamos) - [Samuel Mwangi](https://github.com/SamuelMwangiW) - [All Contributors](../../contributors) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 53 — FairBetter than 97% of packages Maintenance87 Actively maintained with recent releases Popularity29 Limited adoption so far Community11 Small or concentrated contributor base Maturity70 Established project with proven stability Bus Factor1 Top contributor holds 69.8% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~16 days Total 37 Last Release 62d ago Major Versions v0.0.1 → v1.0.02024-07-25 v1.4.52 → v2.0.02026-03-17 PHP version history (2 changes)v0.0.1PHP ^8.3 v2.0.0PHP ^8.3 | ^8.4 | ^8.5 ### Community Maintainers ![](https://www.gravatar.com/avatar/1262b428518ef976f4268074e0b9e9280ec9af765aee553112bea64401beed8f?d=identicon)[njoguamos](/maintainers/njoguamos) --- Top Contributors [![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (90 commits)")[![njoguamos](https://avatars.githubusercontent.com/u/29255728?v=4)](https://github.com/njoguamos "njoguamos (24 commits)")[![SamuelMwangiW](https://avatars.githubusercontent.com/u/1807304?v=4)](https://github.com/SamuelMwangiW "SamuelMwangiW (15 commits)") --- Tags laravelotp ### Code Quality TestsPest Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/njoguamos-laravel-otp/health.svg) ``` [![Health](https://phpackages.com/badges/njoguamos-laravel-otp/health.svg)](https://phpackages.com/packages/njoguamos-laravel-otp) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[jeffgreco13/filament-breezy A custom package for Filament with login flow, profile and teams support. 1.0k1.7M41](/packages/jeffgreco13-filament-breezy)[spatie/laravel-login-link Quickly login to your local environment 4381.2M1](/packages/spatie-laravel-login-link)[ryangjchandler/laravel-cloudflare-turnstile A simple package to help integrate Cloudflare Turnstile. 438896.6k2](/packages/ryangjchandler-laravel-cloudflare-turnstile)[spatie/laravel-passkeys Use passkeys in your Laravel app 444494.4k16](/packages/spatie-laravel-passkeys) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)