PHPackages roosht3/google2fa-laravel - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. roosht3/google2fa-laravel ActiveLibrary[Authentication & Authorization](/categories/authentication) roosht3/google2fa-laravel ========================= A One Time Password Authentication package, compatible with Google Authenticator. v1.0.23(6y ago)0649BSD-3-ClausePHPPHP >=7.0 Since Jun 20Pushed 6y agoCompare [ Source](https://github.com/roosht3/google2fa-laravel)[ Packagist](https://packagist.org/packages/roosht3/google2fa-laravel)[ RSS](/packages/roosht3-google2fa-laravel/feed)WikiDiscussions master Synced today READMEChangelogDependencies (4)Versions (15)Used By (0) Google2FA for Laravel ===================== [](#google2fa-for-laravel) [![Latest Stable Version](https://camo.githubusercontent.com/3be4878262c8c87315d056d95bbbf48fbd7881245c2ddfe847bdcf01c298172a/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f707261676d6172782f676f6f676c653266612d6c61726176656c2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/pragmarx/google2fa-laravel) [![License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE) [![Code Quality](https://camo.githubusercontent.com/5d3950dc76c9c1973ebdd1cf1d65c687b267ca2990c8ca304c2de4b31b2e69cd/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f616e746f6e696f7269626569726f2f676f6f676c653266612d6c61726176656c2e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/antonioribeiro/google2fa-laravel/?branch=master) [![Build](https://camo.githubusercontent.com/f066ea22eae98f26135ae18c3e7c926b2c80c6899ca4258f296791787ceb3db9/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f616e746f6e696f7269626569726f2f676f6f676c653266612d6c61726176656c2e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/antonioribeiro/google2fa-laravel) [![Downloads](https://camo.githubusercontent.com/773eee7cb5dce0a1a11e4b7ca2c7761ab44bcf1a5ea705261eecfa5c59b4fc70/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f707261676d6172782f676f6f676c653266612d6c61726176656c2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/pragmarx/google2fa-laravel) [![Coverage](https://camo.githubusercontent.com/046e569ea2513db62a00e0b78f8f1fa1bc9fcf24d49aa07b18333693a640f226/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f636f7665726167652f672f616e746f6e696f7269626569726f2f676f6f676c653266612d6c61726176656c2e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/antonioribeiro/google2fa-laravel/?branch=master) [![StyleCI](https://camo.githubusercontent.com/fb7273fff4a133a673f752405dcbf92a9ea67bec5679e467fb7e477eb47141c0/68747470733a2f2f7374796c6563692e696f2f7265706f732f39343633303835312f736869656c64)](https://styleci.io/repos/94630851) [![PHP](https://camo.githubusercontent.com/5ba5918c23b3078d4ed1bc9c4c6dc152f1e279639ceb34b7e1940bc9645e0fc2/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d372e302532302d2d253230372e332d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/antonioribeiro/google2fa-laravel) ### Google Two-Factor Authentication Package for Laravel [](#google-two-factor-authentication-package-for-laravel) Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HMAC-Based One-time Password (HOTP) algorithm specified in [RFC 4226](https://tools.ietf.org/html/rfc4226) and the Time-based One-time Password (TOTP) algorithm specified in [RFC 6238](https://tools.ietf.org/html/rfc6238). This package is a Laravel bridge to [Google2FA](https://github.com/antonioribeiro/google2fa)'s PHP package. The intent of this package is to create QRCodes for Google2FA and check user typed codes. If you need to create backup/recovery codes, please check below. ### Recovery/Backup codes [](#recoverybackup-codes) if you need to create recovery or backup codes to provide a way for your users to recover a lost account, you can use the [Recovery Package](https://github.com/antonioribeiro/recovery). Demos, Example & Playground ------------------------------- [](#demos-example--playground) Please check the [Google2FA Package Playground](https://pragmarx.com/playground/google2fa#/). [![playground](https://github.com/antonioribeiro/google2fa/raw/master/docs/playground.jpg)](https://github.com/antonioribeiro/google2fa/raw/master/docs/playground.jpg) Here's an demo app showing how to use Google2FA: [google2fa-example](https://github.com/antonioribeiro/google2fa-example). You can scan the QR code on [this (old) demo page](https://antoniocarlosribeiro.com/technology/google2fa) with a Google Authenticator app and view the code changing (almost) in real time. Compatibility ------------- [](#compatibility) Laravel[Google2FA](https://github.com/antonioribeiro/google2fa)Google2FA-Laravel4.2<= 1.0.15.0-5.1<= 1.0.15.2-5.6>= 2.0.0>= 0.2.0Before Google2FA 2.0 (Laravel 5.1) you have to install `pragmarx/google2fa:~1.0`, because this package was both a Laravel package and a PHP (agnostic). Demo ---- [](#demo) Click [here](https://pragmarx.com/google2fa/middleware) to see the middleware demo: [![middleware](docs/middleware.jpg)](docs/middleware.jpg) Installing ---------- [](#installing) Use Composer to install it: ``` composer require pragmarx/google2fa-laravel ``` If you prefer inline QRCodes instead of a Google generated url, you'll need to install [BaconQrCode](https://github.com/Bacon/BaconQrCode): ``` composer require bacon/bacon-qr-code ``` Installing on Laravel --------------------- [](#installing-on-laravel) ### Laravel 5.5 [](#laravel-55) You don't have to do anything else, this package autoloads the Service Provider and create the Alias, using the new Auto-Discovery feature. ### Laravel 5.4 and below [](#laravel-54-and-below) Add the Service Provider and Facade alias to your `app/config/app.php` (Laravel 4.x) or `config/app.php` (Laravel 5.x): ``` PragmaRX\Google2FALaravel\ServiceProvider::class, 'Google2FA' => PragmaRX\Google2FALaravel\Facade::class, ``` Publish the config file ----------------------- [](#publish-the-config-file) ``` php artisan vendor:publish --provider="PragmaRX\Google2FALaravel\ServiceProvider" ``` Using It -------- [](#using-it) #### Use the Facade [](#use-the-facade) ``` use Google2FA; return Google2FA::generateSecretKey(); ``` #### In Laravel you can use the IoC Container [](#in-laravel-you-can-use-the-ioc-container) ``` $google2fa = app('pragmarx.google2fa'); return $google2fa->generateSecretKey(); ``` Middleware ---------- [](#middleware) This package has a middleware which will help you code 2FA on your app. To use it, you just have to: ### Add the middleware to your Kernel.php: [](#add-the-middleware-to-your-kernelphp) ``` protected $routeMiddleware = [ ... '2fa' => \PragmaRX\Google2FALaravel\Middleware::class, ]; ``` ### Using it in one or more routes: [](#using-it-in-one-or-more-routes) ``` Route::get('/admin', function () { return view('admin.index'); })->middleware(['auth', '2fa']); ``` ### Configuring the view [](#configuring-the-view) You can set your 'ask for a one time password' view in the config file (config/google2fa.php): ``` /** * One Time Password View */ 'view' => 'google2fa.index', ``` And in the view you just have to provide a form containing the input, which is also configurable: ``` /** * One Time Password request input name */ 'otp_input' => 'one_time_password', ``` Here's a form example: ``` Authenticate ``` One Time Password Lifetime -------------------------- [](#one-time-password-lifetime) Usually an OTP lasts forever, until the user logs off your app, but, to improve application safety, you may want to re-ask, only for the Google OTP, from time to time. So you can set a number of minutes here: ``` /** * Lifetime in minutes. * In case you need your users to be asked for a new one time passwords from time to time. */ 'lifetime' => 0, // 0 = eternal ``` And you can decide whether your OTP will be kept alive while your users are browsing the site or not: ``` /** * Renew lifetime at every new request. */ 'keep_alive' => true, ``` Manually logging out from 2Fa ----------------------------- [](#manually-logging-out-from-2fa) This command wil logout your user and redirect he/she to the 2FA form on the next request: ``` Google2FA::logout(); ``` If you don't want to use the Facade, you may: ``` use PragmaRX\Google2FALaravel\Support\Authenticator; (new Authenticator(request()))->logout(); ``` Throttling / Lockout after X attempts ------------------------------------- [](#throttling--lockout-after-x-attempts) Unless you need somethig really fancy, you can probably use Laravel's [route throttle middleware](https://laravel.com/docs/5.8/middleware) for that: ``` Route::get('/admin', function () { return view('admin.index'); })->middleware(['auth', '2fa', 'throttle']); ``` Stateless usage --------------- [](#stateless-usage) ``` $authenticator = app(Authenticator::class)->bootStateless($request); if ($authenticator->isAuthenticated()) { // otp auth success! } ``` You can also use a stateless middleware: ``` protected $routeMiddleware = [ ... '2fa' => \PragmaRX\Google2FALaravel\MiddlewareStateless::class, ]; ``` Events ------ [](#events) The following events are fired: - EmptyOneTimePasswordReceived - LoggedOut - LoginFailed - LoginSucceeded - OneTimePasswordExpired - OneTimePasswordRequested Documentation ------------- [](#documentation) Check the ReadMe file in the main [Google2FA](https://github.com/antonioribeiro/google2fa) repository. Tests ----- [](#tests) The package tests were written with [phpspec](http://www.phpspec.net/en/latest/). Author ------ [](#author) [Antonio Carlos Ribeiro](http://twitter.com/iantonioribeiro) License ------- [](#license) Google2FA is licensed under the MIT License - see the `LICENSE` file for details Contributing ------------ [](#contributing) Pull requests and issues are more than welcome. ### Health Score 31 — LowBetter than 68% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity13 Limited adoption so far Community12 Small or concentrated contributor base Maturity66 Established project with proven stability Bus Factor1 Top contributor holds 87.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~61 days Recently: every ~40 days Total 14 Last Release 2447d ago Major Versions v0.3.0 → v1.0.02019-03-21 PHP version history (2 changes)v0.1.0PHP >=5.4 v1.0.0PHP >=7.0 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/5568849?v=4)[Roosh Ak](/maintainers/roosht3)[@roosht3](https://github.com/roosht3) --- Top Contributors [![antonioribeiro](https://avatars.githubusercontent.com/u/3182864?v=4)](https://github.com/antonioribeiro "antonioribeiro (111 commits)")[![asbiin](https://avatars.githubusercontent.com/u/25419741?v=4)](https://github.com/asbiin "asbiin (7 commits)")[![h44z](https://avatars.githubusercontent.com/u/1370804?v=4)](https://github.com/h44z "h44z (3 commits)")[![it-can](https://avatars.githubusercontent.com/u/644288?v=4)](https://github.com/it-can "it-can (3 commits)")[![vrajroham](https://avatars.githubusercontent.com/u/12662173?v=4)](https://github.com/vrajroham "vrajroham (1 commits)")[![robertpcontreras-ts](https://avatars.githubusercontent.com/u/79461629?v=4)](https://github.com/robertpcontreras-ts "robertpcontreras-ts (1 commits)")[![drakakisgeo](https://avatars.githubusercontent.com/u/1863506?v=4)](https://github.com/drakakisgeo "drakakisgeo (1 commits)") --- Tags laravelAuthenticationTwo Factor Authenticationgoogle2fa ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/roosht3-google2fa-laravel/health.svg) ``` [![Health](https://phpackages.com/badges/roosht3-google2fa-laravel/health.svg)](https://phpackages.com/packages/roosht3-google2fa-laravel) ``` ### Alternatives [pragmarx/google2fa-laravel A One Time Password Authentication package, compatible with Google Authenticator. 1.0k15.5M63](/packages/pragmarx-google2fa-laravel)[pragmarx/google2fa-qrcode QR Code package for Google2FA 12024.6M37](/packages/pragmarx-google2fa-qrcode)[ellaisys/aws-cognito AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP 120220.7k1](/packages/ellaisys-aws-cognito) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)