PHPackages                             sujeet-shah/otp-plugin - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Framework](/categories/framework)
4. /
5. sujeet-shah/otp-plugin

ActiveProject[Framework](/categories/framework)

sujeet-shah/otp-plugin
======================

CodeIgniter4 starter app

v2.0.0(5mo ago)011MITPHPPHP ^7.4 || ^8.0

Since Jan 12Pushed 5mo agoCompare

[ Source](https://github.com/Sujeet-shah/otp-plugin)[ Packagist](https://packagist.org/packages/sujeet-shah/otp-plugin)[ Docs](https://codeigniter.com)[ RSS](/packages/sujeet-shah-otp-plugin/feed)WikiDiscussions main Synced today

READMEChangelogDependencies (2)Versions (3)Used By (0)

CodeIgniter 4 OTP Authentication Plugin
=======================================

[](#codeigniter-4-otp-authentication-plugin)

[![Latest Stable Version](https://camo.githubusercontent.com/5bcdf8bdfa3daa1ac7bd1c3b55faa17302762311284259895e14d3b55aaa603c/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f73756a6565742d736861682f6f74702d706c7567696e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/sujeet-shah/otp-plugin)[![Total Downloads](https://camo.githubusercontent.com/9ec2608f944884cdc582c9f50be086ea1007b82c53266d83a63dec4cd9ceb1a6/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f73756a6565742d736861682f6f74702d706c7567696e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/sujeet-shah/otp-plugin)[![License](https://camo.githubusercontent.com/52fc3f411d62d87f6954a72906e3a335c2e128293fb721fd4d0233aa0cc2815e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f73756a6565742d736861682f6f74702d706c7567696e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/sujeet-shah/otp-plugin)[![PHP Version](https://camo.githubusercontent.com/95a3e2b0bc75950169625b959ef4707cd12d0d3a3efc5541ccc40b99306caa23/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f73756a6565742d736861682f6f74702d706c7567696e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/sujeet-shah/otp-plugin)

A production-ready, plug-and-play OTP (One-Time Password) authentication library for CodeIgniter 4. Add secure OTP functionality via SMS (Twilio) or Email to your application in under 5 minutes.

---

🚀 Features
----------

[](#-features)

- **✅ Plug-and-Play**: Seamless integration with CodeIgniter 4.
- **📧 Multi-Channel Support**: Send OTPs via SMS (Twilio) or Email (SMTP).
- **🗄️ Database Support**: Fully compatible with MySQL and PostgreSQL.
- **🛡️ Rate Limiting**: Built-in protection against OTP flooding.
- **⚙️ Highly Configurable**: Customize OTP length, expiry duration, and maximum retry attempts.
- **🛠️ Flexible Usage**: Use via Service, Trait, or pre-built API endpoints.

---

📦 Installation
--------------

[](#-installation)

### 1. Install via Composer

[](#1-install-via-composer)

```
composer require sujeet-shah/otp-plugin
```

### 2. Run Migrations

[](#2-run-migrations)

Create the necessary database tables:

```
php spark migrate -n OtpAuth
```

### 3. Configure Environment

[](#3-configure-environment)

Add the following to your `.env` file:

```
# Authentication Mode (phone or email)
AUTH_MODE=phone

# OTP Settings
OTP_LENGTH=6
EXPIRY_DURATION_IN_SECOND=300
MAX_ATTEMPTS=3
OTP_LIMIT_IN_MINUTS=5 # Max OTPs allowed per minute

# Twilio Credentials (if AUTH_MODE=phone)
TWILIO_SID=your_account_sid
TWILIO_TOKEN=your_auth_token
TWILIO_FROM=your_twilio_phone_number

# Email Credentials (if AUTH_MODE=email)
MAIL_HOST=smtp.example.com
MAIL_PORT=587
MAIL_USERNAME=your_username
MAIL_PASSWORD=your_password
MAIL_ENCRYPTION=tls
MAIL_FROM=noreply@example.com
```

---

🛠️ Usage
--------

[](#️-usage)

### Option 1: Using the Service (Recommended)

[](#option-1-using-the-service-recommended)

The most flexible way to use the plugin is via the `otp` service.

```
use OtpAuth\Libraries\OtpService;
$otpService = new OtpService();

// 1. Generate and send OTP
$identifier = '+1234567890'; // or 'user@example.com'
if ($otpService->generate($identifier)) {
    echo "OTP sent successfully!";
} else {
    echo "Failed to send OTP (possibly rate limited).";
}

// 2. Verify an OTP entered by the user
if ($otpService->verify($identifier, '123456')) {
    echo "Verification successful!";
} else {
    echo "Invalid or expired OTP.";
}
```

### Option 2: Using the Trait in Controllers

[](#option-2-using-the-trait-in-controllers)

Easily add OTP capabilities to any controller using the `OtpAuthentication` trait.

```
namespace App\Controllers;

use OtpAuth\Traits\OtpAuthentication;

class AuthController extends BaseController
{
    use OtpAuthentication;

    public function send()
    {
        $identifier = $this->request->getPost('identifier');
        if ($this->sendOtpTo($identifier)) {
            return $this->response->setJSON(['status' => 'success']);
        }
        return $this->response->setJSON(['status' => 'error', 'message' => 'Rate limit exceeded'], 429);
    }

    public function verify()
    {
        $identifier = $this->request->getPost('identifier');
        $code       = $this->request->getPost('code');

        if ($this->verifyOtpFor($identifier, $code)) {
            return $this->response->setJSON(['status' => 'verified']);
        }

        return $this->response->setJSON(['status' => 'failed'], 401);
    }
}
```

### Option 3: Pre-built API Endpoints

[](#option-3-pre-built-api-endpoints)

The package includes a controller with ready-to-use endpoints. Register them in your `app/Config/Routes.php`:

```
$routes->get('otp', '\OtpAuth\Controllers\OtpController::sendView');
$routes->post('otp/send', '\OtpAuth\Controllers\OtpController::send');
$routes->post('otp/verify', '\OtpAuth\Controllers\OtpController::verify');
```

**Note:** The pre-built `send` endpoint expects `phone` or `email` field in the request depending on your `AUTH_MODE`.

---

⚙️ Configuration
----------------

[](#️-configuration)

KeyEnvironment VariableDefaultDescription`auth_mode``AUTH_MODE``''``phone` or `email`.`codeLength``OTP_LENGTH``6`Length of the generated OTP code.`expirySeconds``EXPIRY_DURATION_IN_SECOND``300`Time in seconds before OTP expires.`maxAttempts``MAX_ATTEMPTS``3`Maximum verification attempts allowed per OTP.`otpLimit``OTP_LIMIT_IN_MINUTS``''`Max OTPs allowed per minute for an identifier.---

🎨 Customizing Views
-------------------

[](#-customizing-views)

The plugin comes with default views for the OTP form and email templates. You can find them in `packages/otp-auth/src/Views/`. To customize them, you can override them in your application's `app/Views/` directory or modify the controller to point to your own views.

---

🧪 Testing
---------

[](#-testing)

The package comes with a comprehensive testing guide. See [TESTING.md](TESTING.md) for details on how to run tests and mock SMS/Email providers.

---

🤝 Contributing
--------------

[](#-contributing)

Contributions are welcome! Please feel free to submit a Pull Request.

---

📄 License
---------

[](#-license)

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

---

👨‍💻 Author
----------

[](#‍-author)

**Sujeet Shah**

- GitHub: [@Sujeet-shah](https://github.com/Sujeet-shah)

###  Health Score

32

—

LowBetter than 69% of packages

Maintenance71

Regular maintenance activity

Popularity5

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity41

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~4 days

Total

2

Last Release

168d ago

Major Versions

v1.0.0 → v2.0.02026-01-16

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/203604843?v=4)[Sujeet-shah](/maintainers/Sujeet-shah)[@Sujeet-shah](https://github.com/Sujeet-shah)

---

Top Contributors

[![Sujeet-shah](https://avatars.githubusercontent.com/u/203604843?v=4)](https://github.com/Sujeet-shah "Sujeet-shah (21 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/sujeet-shah-otp-plugin/health.svg)

```
[![Health](https://phpackages.com/badges/sujeet-shah-otp-plugin/health.svg)](https://phpackages.com/packages/sujeet-shah-otp-plugin)
```

###  Alternatives

[codeigniter4/appstarter

CodeIgniter4 starter app

1791.8M](/packages/codeigniter4-appstarter)[abydahana/aksara

Aksara is a CodeIgniter based CRUD Toolkit you can use to build complex applications become shorter, secure and more reliable just in a few lines of code. Serving both CMS or Framework, produce both HEADLESS (RESTful API) or TRADITIONAL (Browser Based), just by writing single controller. Yet it's reusable, scalable and ready to use!

1111.2k](/packages/abydahana-aksara)[irsyadulibad/codeigniter4-datatables

Server side DataTables library for CodeIgniter4 framework

702.5k](/packages/irsyadulibad-codeigniter4-datatables)[mufidjamaluddin/codeigniter4-hmvc

CodeIgniter4 HMVC starter app

672.0k](/packages/mufidjamaluddin-codeigniter4-hmvc)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
