PHPackages php-monsters/laravel-otp - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. php-monsters/laravel-otp ActiveLibrary[Authentication & Authorization](/categories/authentication) php-monsters/laravel-otp ======================== Laravel OTP generator and validation 1.0.1(1y ago)24MITPHPPHP ^8.0 Since Jan 15Pushed 1y ago1 watchersCompare [ Source](https://github.com/php-monsters/laravel-otp)[ Packagist](https://packagist.org/packages/php-monsters/laravel-otp)[ Docs](https://github.com/php-monsters/laravel-otp)[ RSS](/packages/php-monsters-laravel-otp/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (1)Versions (3)Used By (0) ``` ██████╗ ██╗ ██╗██████╗ ███╗ ███╗ ██████╗ ███╗ ██╗███████╗████████╗███████╗██████╗ ███████╗ ██╔══██╗██║ ██║██╔══██╗ ████╗ ████║██╔═══██╗████╗ ██║██╔════╝╚══██╔══╝██╔════╝██╔══██╗██╔════╝ ██████╔╝███████║██████╔╝ ██╔████╔██║██║ ██║██╔██╗ ██║███████╗ ██║ █████╗ ██████╔╝███████╗ ██╔═══╝ ██╔══██║██╔═══╝ ██║╚██╔╝██║██║ ██║██║╚██╗██║╚════██║ ██║ ██╔══╝ ██╔══██╗╚════██║ ██║ ██║ ██║██║ ██║ ╚═╝ ██║╚██████╔╝██║ ╚████║███████║ ██║ ███████╗██║ ██║███████║ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝╚══════╝ https://github.com/php-monsters/ ``` Laravel OTP =========== [](#laravel-otp) Introduction ------------ [](#introduction) A package for Laravel One Time Password (OTP) generator and validation without Eloquent Model, since it done by *Cache*. The cache connection same as your laravel cache config and it supported: "apc", "array", "database", "file", "memcached", "redis" Installation ------------ [](#installation) ### Install via composer [](#install-via-composer) ``` composer require php-monsters/laravel-otp ``` Configuration ------------- [](#configuration) Publish config and language file ``` php artisan vendor:publish --provider="PhpMonsters\Otp\OtpServiceProvider" ``` This package publishes an `otp.php` file inside your applications's config folder which contains the settings for this package. Most of the variables are bound to environment variables, you may add Key-Value pair to the `.env` file in the Laravel application. ``` OTP_FORMAT=numeric OTP_LENGTH=6 OTP_SENSITIVE=false OTP_EXPIRES_TIME=15 OTP_ATTEMPT_TIMES=5 OTP_REPEATED=true OTP_DEMO=false ``` Usage ----- [](#usage) ### Generate OTP [](#generate-otp) ``` Otp::generate(string $identifier) ``` - `$identifier`: The identity that will be tied to the OTP. #### Sample [](#sample) ``` use OTP; // in your code $password = Otp::generate('samuraee@github.com'); ``` This will generate a OTP that will be valid for 15 minutes. ### Validate OTP [](#validate-otp) ``` Otp::validate(string $identifier, string $password) ``` - `$identifier`: The identity that is tied to the OTP. - `$password`: The password tied to the identity. #### Sample [](#sample-1) ``` use OTP; // in your code $result = Otp::validate('samuraee@github.com', '123456'); ``` #### Responses [](#responses) **On Success** ``` { "status": true } ``` **Invalid OTP** ``` { "status": false, "error": "invalid" } ``` **Expired** ``` { "status": false, "error": "expired" } ``` **Max attempt** ``` { "status": false, "error": "max_attempt" } ``` - Reached the maximum allowed attempts, default 10 times with each identifier ### Validate OTP by Laravel Validation [](#validate-otp-by-laravel-validation) ``` // in a `FormRequest` use PhpMonsters\Otp\Rules\OtpValidate; public function rules() { return [ 'code' => ['required', new OtpValidate('samuraee@github.com')] ]; } // in a controller $request->validate([ 'code' => ['required', new OtpValidate('samuraee@github.com')] ]); ``` ### Validate OTP by session id [](#validate-otp-by-session-id) ``` // Otp class $result = Otp::validate('123456'); // in a `FormRequest` use PhpMonsters\Otp\Rules\OtpValidate; public function rules() { return [ 'code' => ['required', new OtpValidate()] ]; } // in a controller $request->validate([ 'code' => ['required', new OtpValidate()] ]); ``` - The setting without identifier will automatically use the session ID as the default, and the OTP generation and verification will be completed in same session (browser's cookies). Advanced Usage -------------- [](#advanced-usage) ### Generate OTP with options [](#generate-otp-with-options) ``` $password = Otp::setLength(8)->setFormat('string')->setExpires(60)->setRepeated(false)->generate('identifier-key-here'); // or array option $password = Otp::generate('identifier-key-here', [ 'length' => 8, 'format' => 'string', 'expires' => 60, 'repeated' => false ]); ``` - `setLength($length)`: The length of the password. Default: 6 - `setFormat($format)`: The format option allows you to decide which generator implementation to be used when generating new passwords. Options: 'string','numeric','numeric-no-zero','customize'. Default: "numeric" - `setExpires($minutes)`: The expiry time of the password in minutes. Default: 15 - `setRepeated($boolean)`: The repeated of the password. The previous password is valid when new password generated until either one password used or itself expired. Default: true ### Generate OTP with customize password [](#generate-otp-with-customize-password) ``` $password = Otp::setCustomize('12345678ABC@#$')->generate('identifier-key-here'); ``` - `setCustomize($string)`: Random letter from the customize string ### Validate OTP with specific attempt times [](#validate-otp-with-specific-attempt-times) ``` $password = Otp::setAttempts(3)->validate('identifier-key-here', 'password-here'); ``` - `setAttempts($times)`: The number of incorrect password attempts. Default: 5 ### Validate OTP with case sensitive [](#validate-otp-with-case-sensitive) ``` $password = Otp::setSensitive(true)->generate('identifier-key-here'); // validate $result = Otp::setSensitive(true)->validate('identifier-key-here', 'password-here'); // in controller use PhpMonsters\Otp\Rules\OtpValidate; $request->validate([ 'code' => ['required', new OtpValidate('identifier-key-here', ['sensitive' => true])] ]); ``` - `setSensitive($boolean)`: Requiring correct input of uppercase and lowercase letters. Default: true ### Generate OTP with seperate password [](#generate-otp-with-seperate-password) ``` $password = Otp::setLength([4,3,4])->setSeparator(':')->generate('identifier-key-here'); ``` **Sample password** ``` 3526:126:3697 ``` - `setLength($array)`: The length of the password, use array to separate each length. - `setSeparator($string)`: The separator of the password. Default: "-" ### Validate OTP with extra data [](#validate-otp-with-extra-data) ``` $password = Otp::setData(['user_id' => auth()->id()])->generate('login-confirmation'); ``` - `setData($var)`: Allows you to get the extra data of OTP. ``` // validate $result = Otp::setDisposable(false)->validate('login-confirmation', 'password-here'); // in controller use PhpMonsters\Otp\Rules\OtpValidate; $request->validate([ 'code' => ['required', new OtpValidate('login-confirmation', ['disposable' => false])] ]); ``` - `setDisposable($boolean)`: The disposable of the Otp identifier, the different password is not valid when same identifier password used. Default: true **On Success Response** ``` { "status": true, "data": [ "user_id": 10 ] } ``` - When you set disposable to `false`, you are able support different password with different extra data for different user in the same identifier key of the OTP. ### Validate OTP with skip using [](#validate-otp-with-skip-using) ``` // validate $result = Otp::setSkip(true)->validate('identifier-key-here', 'password-here'); // in controller use PhpMonsters\Otp\Rules\OtpValidate; $request->validate([ 'code' => ['required', new OtpValidate('identifier-key-here', ['skip' => true])] ]); ``` - `setSkip($boolean)`: Skip using the password when validate, which means you can reuse the password again. Default: false - When there is an error response to the form request, it will skip using the password, but remember to `OTP::validate(...)` in controller. ### Delete OTP [](#delete-otp) ``` Otp::forget('identifier-key-here'); ``` - Delete all password with this specific identifier ### Delete specific password [](#delete-specific-password) ``` Otp::forget('identifier-key-here', 'password-here'); ``` ### Reset attempt times [](#reset-attempt-times) ``` Otp::resetAttempt('identifier-key-here'); ``` ### Demo password [](#demo-password) Add the following Key-Value pair to the `.env` file in the Laravel application. ``` OTP_DEMO=true ``` - Demo mode for development purposes, no need to use real password to validate. - Default demo password: "1234", "123456", "12345678" Contribution ------------ [](#contribution) All contributions are welcome! 😄 License ------- [](#license) The MIT License (MIT). If you enjoy this, please consider supporting me: [Buy Me A Coffee](https://monzo.me/aboozarghaffari) ### Health Score 27 — LowBetter than 49% of packages Maintenance42 Moderate activity, may be stable Popularity6 Limited adoption so far Community7 Small or concentrated contributor base Maturity44 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 480d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/c7151eabb06297cbe028765b1265b14202a90324f4ff4f53a22cfbaa956e901c?d=identicon)[samurai](/maintainers/samurai) --- Top Contributors [![samuraee](https://avatars.githubusercontent.com/u/502961?v=4)](https://github.com/samuraee "samuraee (8 commits)") --- Tags laravelotpone-time-passwordemail validationone time pinmobile validationemail-otpmobile otp ### Embed Badge ![Health badge](/badges/php-monsters-laravel-otp/health.svg) ``` [![Health](https://phpackages.com/badges/php-monsters-laravel-otp/health.svg)](https://phpackages.com/packages/php-monsters-laravel-otp) ``` ### Alternatives [teckwei1993/laravel-otp Laravel OTP generator and validation 5556.0k](/packages/teckwei1993-laravel-otp)[fouladgar/laravel-otp This package provides convenient methods for sending and validating OTP notifications to users for authentication. 21426.5k](/packages/fouladgar-laravel-otp) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)