PHPackages                             pedrosancao/php-otp - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. pedrosancao/php-otp

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

pedrosancao/php-otp
===================

PHP implementation of HMAC-based one-time password algorithm according to RFC 4226 and RFC 6238 compatible with Google Authenticator

v1.1.0(5y ago)1872.5k↓24.1%2[3 issues](https://github.com/pedrosancao/php-otp/issues)[3 PRs](https://github.com/pedrosancao/php-otp/pulls)MITPHPPHP &gt;=7.3CI failing

Since Sep 10Pushed 5mo ago1 watchersCompare

[ Source](https://github.com/pedrosancao/php-otp)[ Packagist](https://packagist.org/packages/pedrosancao/php-otp)[ Docs](https://github.com/pedrosancao/php-otp)[ RSS](/packages/pedrosancao-php-otp/feed)WikiDiscussions main Synced 2d ago

READMEChangelog (2)Dependencies (2)Versions (6)Used By (0)

A PHP One-Time Password implementation
======================================

[](#a-php-one-time-password-implementation)

[![project license](https://camo.githubusercontent.com/acc30a04425b48638017cb72d2e10e5ead99a980998b081a0daba5036f012b0d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/acc30a04425b48638017cb72d2e10e5ead99a980998b081a0daba5036f012b0d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f706564726f73616e63616f2f7068702d6f7470)[![code size](https://camo.githubusercontent.com/f15325884e338f7b4b002bd0cc61ad60ea413684daf3faef53189c8e94b2a8b0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c616e6775616765732f636f64652d73697a652f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/f15325884e338f7b4b002bd0cc61ad60ea413684daf3faef53189c8e94b2a8b0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c616e6775616765732f636f64652d73697a652f706564726f73616e63616f2f7068702d6f7470)[![PHP version](https://camo.githubusercontent.com/fb3e69ce6d2d3103f63fd7caf899bbb19e0b1375bc26f3f37d4fcde5643161f7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/fb3e69ce6d2d3103f63fd7caf899bbb19e0b1375bc26f3f37d4fcde5643161f7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f706564726f73616e63616f2f7068702d6f7470)[![packagist version](https://camo.githubusercontent.com/709230eee4ce5203ff1bb6015c923d63869539d013429c0d60f215f73dff5c72/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/709230eee4ce5203ff1bb6015c923d63869539d013429c0d60f215f73dff5c72/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f706564726f73616e63616f2f7068702d6f7470)[![packagist downloads](https://camo.githubusercontent.com/4ccdef6e47889aef79e29b5ea96fd9c72b35b38ab65b925987ad422ba5864ecd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/4ccdef6e47889aef79e29b5ea96fd9c72b35b38ab65b925987ad422ba5864ecd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f706564726f73616e63616f2f7068702d6f7470)[![test coverage](https://camo.githubusercontent.com/f7d7c563e8ca8e1ad6fca7c2b90e41908cdd7c1cdcc2526fb9e896493d18a972/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/f7d7c563e8ca8e1ad6fca7c2b90e41908cdd7c1cdcc2526fb9e896493d18a972/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f706564726f73616e63616f2f7068702d6f7470)[![tests status](https://camo.githubusercontent.com/e540b4ad1ce86de9b0ae17a6248de25e22ec04f6edc5137dcf721ac388fabf9f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f706564726f73616e63616f2f7068702d6f74702f504850253230436f6d706f7365723f6c6162656c3d7465737473)](https://camo.githubusercontent.com/e540b4ad1ce86de9b0ae17a6248de25e22ec04f6edc5137dcf721ac388fabf9f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f706564726f73616e63616f2f7068702d6f74702f504850253230436f6d706f7365723f6c6162656c3d7465737473)

This small library implements the HMAC-based one-time password algorithms used mostly on two steps authentication: time based TOTP ([RFC 6238](https://tools.ietf.org/html/rfc6238)) and HOTP ([RFC 4226](https://tools.ietf.org/html/rfc4226)).

Easily and quick allows to configure and use mobile apps like Google Authenticator.

Requirements
------------

[](#requirements)

Although it should work even on PHP 5.4. We strongly recommend using PHP &gt;= 7.3 as lower versions have [reached end of life](https://www.php.net/supported-versions.php).

Installation
------------

[](#installation)

Preferable use composer

```
composer require pedrosancao/php-otp
```

Usage
-----

[](#usage)

### Syncing time-based one-time password with client

[](#syncing-time-based-one-time-password-with-client)

Create a new token

```
$totp = PedroSancao\OTP\TOTP::create();
```

Present URI to user as a QR-Code or show base 32 encoded secret

```
// example using Google API, it's recommended to use a local library
$uri = $totp->getUri('user@domain.com', 'Issuer Name');
$src = 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=' . urlencode($uri);
printf('', $src);
// OR
echo $totp->getSecretReadable();
```

Store the shared secret

```
$secret = $totp->getRawSecret();
```

### Verifying passwords

[](#verifying-passwords)

```
$totp = PedroSancao\OTP\TOTP::createRaw($storedSecret);
$totp->verify($inputPassword);
```

### Using as client

[](#using-as-client)

```
$totp = PedroSancao\OTP\TOTP::create($base32encodedSecret);
// or
$totp = PedroSancao\OTP\TOTP::createRaw($storedSecret);
// or
$totp = PedroSancao\OTP\TOTP::createFromURI($uriFromQrCode);
echo $totp->getPassword();
```

### Change hashing algorithm

[](#change-hashing-algorithm)

SHA1 is the default method. If you want to use another after create a new instance with one of `create*` methods call `useSha256` or `useSha512`:

```
$totp = PedroSancao\OTP\TOTP::createRaw($storedSecret)->useSha256();
```

To do list
----------

[](#to-do-list)

- Implement [all URI parameters](https://github.com/google/google-authenticator/wiki/Key-Uri-Format)

Licence
-------

[](#licence)

This library is release under the [MIT licence](LICENCE).

###  Health Score

43

—

FairBetter than 89% of packages

Maintenance46

Moderate activity, may be stable

Popularity40

Moderate usage in the ecosystem

Community9

Small or concentrated contributor base

Maturity61

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~268 days

Total

4

Last Release

2049d ago

PHP version history (2 changes)v1.0.0-betaPHP &gt;=5.4

v1.1.0PHP &gt;=7.3

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/5047991?v=4)[Pedro Sanção](/maintainers/pedrosancao)[@pedrosancao](https://github.com/pedrosancao)

---

Top Contributors

[![pedrosancao](https://avatars.githubusercontent.com/u/5047991?v=4)](https://github.com/pedrosancao "pedrosancao (9 commits)")

---

Tags

google-authenticatorhotpone-time-passwordotprfc-4226rfc-6238totptwo-steps-authenticationgoogle authenticatorotphotptotpRFC 6238RFC 4226one-time-passwordtwo steps authentication

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/pedrosancao-php-otp/health.svg)

```
[![Health](https://phpackages.com/badges/pedrosancao-php-otp/health.svg)](https://phpackages.com/packages/pedrosancao-php-otp)
```

###  Alternatives

[spomky-labs/otphp

A PHP library for generating one time passwords according to RFC 4226 (HOTP Algorithm) and the RFC 6238 (TOTP Algorithm) and compatible with Google Authenticator

1.5k50.3M168](/packages/spomky-labs-otphp)[christian-riesen/otp

One Time Passwords, hotp and totp according to RFC4226 and RFC6238

885.5M6](/packages/christian-riesen-otp)[chillerlan/php-authenticator

A generator for counter- and time based 2-factor authentication codes (Google Authenticator). PHP 8.2+

58133.8k3](/packages/chillerlan-php-authenticator)[remotemerge/totp-php

Lightweight, fast, and secure TOTP (2FA) authentication library for PHP — battle tested, dependency free, and ready for enterprise integration.

2118.5k](/packages/remotemerge-totp-php)[infocyph/otp

Simple &amp; Secure Generic OTP, OCRA (RFC6287), TOTP (RFC6238) &amp; HOTP (RFC4226) solution!

147.3k](/packages/infocyph-otp)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
