PHPackages                             pedrosancao/php-otp - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. pedrosancao/php-otp

ActiveLibrary

pedrosancao/php-otp
===================

PHP implementation of HMAC-based one-time password algorithm according to RFC 4226 and RFC 6238 compatible with Google Authenticator

v1.1.0(5y ago)1863.8k↑12.8%2[3 issues](https://github.com/pedrosancao/php-otp/issues)[3 PRs](https://github.com/pedrosancao/php-otp/pulls)MITPHPPHP &gt;=7.3CI passing

Since Sep 10Pushed 3mo ago1 watchersCompare

[ Source](https://github.com/pedrosancao/php-otp)[ Packagist](https://packagist.org/packages/pedrosancao/php-otp)[ Docs](https://github.com/pedrosancao/php-otp)[ RSS](/packages/pedrosancao-php-otp/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (2)Dependencies (2)Versions (6)Used By (0)

A PHP One-Time Password implementation
======================================

[](#a-php-one-time-password-implementation)

[![project license](https://camo.githubusercontent.com/acc30a04425b48638017cb72d2e10e5ead99a980998b081a0daba5036f012b0d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/acc30a04425b48638017cb72d2e10e5ead99a980998b081a0daba5036f012b0d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f706564726f73616e63616f2f7068702d6f7470)[![code size](https://camo.githubusercontent.com/f15325884e338f7b4b002bd0cc61ad60ea413684daf3faef53189c8e94b2a8b0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c616e6775616765732f636f64652d73697a652f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/f15325884e338f7b4b002bd0cc61ad60ea413684daf3faef53189c8e94b2a8b0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c616e6775616765732f636f64652d73697a652f706564726f73616e63616f2f7068702d6f7470)[![PHP version](https://camo.githubusercontent.com/fb3e69ce6d2d3103f63fd7caf899bbb19e0b1375bc26f3f37d4fcde5643161f7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/fb3e69ce6d2d3103f63fd7caf899bbb19e0b1375bc26f3f37d4fcde5643161f7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f706564726f73616e63616f2f7068702d6f7470)[![packagist version](https://camo.githubusercontent.com/709230eee4ce5203ff1bb6015c923d63869539d013429c0d60f215f73dff5c72/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/709230eee4ce5203ff1bb6015c923d63869539d013429c0d60f215f73dff5c72/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f706564726f73616e63616f2f7068702d6f7470)[![packagist downloads](https://camo.githubusercontent.com/4ccdef6e47889aef79e29b5ea96fd9c72b35b38ab65b925987ad422ba5864ecd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/4ccdef6e47889aef79e29b5ea96fd9c72b35b38ab65b925987ad422ba5864ecd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f706564726f73616e63616f2f7068702d6f7470)[![test coverage](https://camo.githubusercontent.com/f7d7c563e8ca8e1ad6fca7c2b90e41908cdd7c1cdcc2526fb9e896493d18a972/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f706564726f73616e63616f2f7068702d6f7470)](https://camo.githubusercontent.com/f7d7c563e8ca8e1ad6fca7c2b90e41908cdd7c1cdcc2526fb9e896493d18a972/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f706564726f73616e63616f2f7068702d6f7470)[![tests status](https://camo.githubusercontent.com/e540b4ad1ce86de9b0ae17a6248de25e22ec04f6edc5137dcf721ac388fabf9f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f706564726f73616e63616f2f7068702d6f74702f504850253230436f6d706f7365723f6c6162656c3d7465737473)](https://camo.githubusercontent.com/e540b4ad1ce86de9b0ae17a6248de25e22ec04f6edc5137dcf721ac388fabf9f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f706564726f73616e63616f2f7068702d6f74702f504850253230436f6d706f7365723f6c6162656c3d7465737473)

This small library implements the HMAC-based one-time password algorithms used mostly on two steps authentication: time based TOTP ([RFC 6238](https://tools.ietf.org/html/rfc6238)) and HOTP ([RFC 4226](https://tools.ietf.org/html/rfc4226)).

Easily and quick allows to configure and use mobile apps like Google Authenticator.

Requirements
------------

[](#requirements)

Although it should work even on PHP 5.4. We strongly recommend using PHP &gt;= 7.3 as lower versions have [reached end of life](https://www.php.net/supported-versions.php).

Installation
------------

[](#installation)

Preferable use composer

```
composer require pedrosancao/php-otp
```

Usage
-----

[](#usage)

### Syncing time-based one-time password with client

[](#syncing-time-based-one-time-password-with-client)

Create a new token

```
$totp = PedroSancao\OTP\TOTP::create();
```

Present URI to user as a QR-Code or show base 32 encoded secret

```
// example using Google API, it's recommended to use a local library
$uri = $totp->getUri('user@domain.com', 'Issuer Name');
$src = 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=' . urlencode($uri);
printf('', $src);
// OR
echo $totp->getSecretReadable();
```

Store the shared secret

```
$secret = $totp->getRawSecret();
```

### Verifying passwords

[](#verifying-passwords)

```
$totp = PedroSancao\OTP\TOTP::createRaw($storedSecret);
$totp->verify($inputPassword);
```

### Using as client

[](#using-as-client)

```
$totp = PedroSancao\OTP\TOTP::create($base32encodedSecret);
// or
$totp = PedroSancao\OTP\TOTP::createRaw($storedSecret);
// or
$totp = PedroSancao\OTP\TOTP::createFromURI($uriFromQrCode);
echo $totp->getPassword();
```

### Change hashing algorithm

[](#change-hashing-algorithm)

SHA1 is the default method. If you want to use another after create a new instance with one of `create*` methods call `useSha256` or `useSha512`:

```
$totp = PedroSancao\OTP\TOTP::createRaw($storedSecret)->useSha256();
```

To do list
----------

[](#to-do-list)

- Implement [all URI parameters](https://github.com/google/google-authenticator/wiki/Key-Uri-Format)

Licence
-------

[](#licence)

This library is release under the [MIT licence](LICENCE).

###  Health Score

44

—

FairBetter than 92% of packages

Maintenance50

Moderate activity, may be stable

Popularity39

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity61

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~268 days

Total

4

Last Release

2003d ago

PHP version history (2 changes)v1.0.0-betaPHP &gt;=5.4

v1.1.0PHP &gt;=7.3

### Community

Maintainers

![](https://www.gravatar.com/avatar/5c9cc997dca1af30ebb7fe960ba7edbbd6f273eaacbc74b2cb3c0aedfc2b6790?d=identicon)[pedrosancao](/maintainers/pedrosancao)

---

Top Contributors

[![pedrosancao](https://avatars.githubusercontent.com/u/5047991?v=4)](https://github.com/pedrosancao "pedrosancao (9 commits)")

---

Tags

google-authenticatorhotpone-time-passwordotprfc-4226rfc-6238totptwo-steps-authenticationgoogle authenticatorotphotptotpRFC 6238RFC 4226one-time-passwordtwo steps authentication

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/pedrosancao-php-otp/health.svg)

```
[![Health](https://phpackages.com/badges/pedrosancao-php-otp/health.svg)](https://phpackages.com/packages/pedrosancao-php-otp)
```

###  Alternatives

[spomky-labs/otphp

A PHP library for generating one time passwords according to RFC 4226 (HOTP Algorithm) and the RFC 6238 (TOTP Algorithm) and compatible with Google Authenticator

1.5k46.1M119](/packages/spomky-labs-otphp)[christian-riesen/otp

One Time Passwords, hotp and totp according to RFC4226 and RFC6238

885.1M6](/packages/christian-riesen-otp)[chillerlan/php-authenticator

A generator for counter- and time based 2-factor authentication codes (Google Authenticator). PHP 8.2+

58119.1k2](/packages/chillerlan-php-authenticator)[rych/otp

PHP implementation of the OATH one-time password standards

36265.8k4](/packages/rych-otp)[remotemerge/totp-php

Lightweight, fast, and secure TOTP (2FA) authentication library for PHP — battle tested, dependency free, and ready for enterprise integration.

2010.2k](/packages/remotemerge-totp-php)[infocyph/otp

Simple &amp; Secure Generic OTP, OCRA (RFC6287), TOTP (RFC6238) &amp; HOTP (RFC4226) solution!

136.4k](/packages/infocyph-otp)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)