PHPackages vxm/yii2-mfa - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. vxm/yii2-mfa ActiveYii2-extension[Authentication & Authorization](/categories/authentication) vxm/yii2-mfa ============ Multi-factor authentication for yii2 1.0.1(5y ago)1440.5k↓43.8%12[2 PRs](https://github.com/vuongxuongminh/yii2-mfa/pulls)BSD-3-ClausePHPPHP >=7.1 Since Apr 10Pushed 2y ago2 watchersCompare [ Source](https://github.com/vuongxuongminh/yii2-mfa)[ Packagist](https://packagist.org/packages/vxm/yii2-mfa)[ RSS](/packages/vxm-yii2-mfa/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (2)Dependencies (2)Versions (3)Used By (0) Yii2 MFA ======== [](#yii2-mfa) [![Latest Stable Version](https://camo.githubusercontent.com/8aa813df5cfc15f1c2b2068934f662f9cb39a7f49b296adc9d21833853630b55/68747470733a2f2f706f7365722e707567782e6f72672f76786d2f796969322d6d66612f762f737461626c65)](https://packagist.org/packages/vxm/yii2-mfa)[![Total Downloads](https://camo.githubusercontent.com/cf3d704e761560e9d03180860b0a7468bbd45e51bc30012da5d3d9b1245f663a/68747470733a2f2f706f7365722e707567782e6f72672f76786d2f796969322d6d66612f646f776e6c6f616473)](https://packagist.org/packages/vxm/yii2-mfa)[![Build Status](https://camo.githubusercontent.com/d94426c931e309e3e947905dc32173859c2ddd123d3f70f7e9645edb9d487bb2/68747470733a2f2f7472617669732d63692e6f72672f76756f6e6778756f6e676d696e682f796969322d6d66612e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/vuongxuongminh/yii2-mfa)[![Code Coverage](https://camo.githubusercontent.com/d42d78d4ffaf7a7daca1e7a9c51696d47146e7dbbed87ae663a1ed00f6712ccc/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f76756f6e6778756f6e676d696e682f796969322d6d66612f6261646765732f636f7665726167652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/vuongxuongminh/yii2-mfa/?branch=master)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/315f64a8c8a9831a31db6f5e07c384af49a8de6372c87059abcfe864ec8874d7/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f76756f6e6778756f6e676d696e682f796969322d6d66612f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/vuongxuongminh/yii2-mfa/?branch=master)[![Yii2](https://camo.githubusercontent.com/d6b0929173e28cc627430d2519ca1853466a70f37395877eaf4820cb3e1e1909/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f506f77657265645f62792d5969695f4672616d65776f726b2d677265656e2e7376673f7374796c653d666c6174)](http://www.yiiframework.com/) About it -------- [](#about-it) An extension support implementing multi factor authenticate base on [Spomky-Labs/otphp](https://github.com/Spomky-Labs/otphp) wrapper for Yii2 user component. Requirements ------------ [](#requirements) - [PHP >= 7.1](http://php.net) - [yiisoft/yii2 >= 2.0.13](https://github.com/yiisoft/yii2) Installation ------------ [](#installation) Require Yii2 MFA using [Composer](https://getcomposer.org): ``` composer require vxm/yii2-mfa ``` Usage ----- [](#usage) ### App config [](#app-config) ``` 'components' => [ 'user' => [ 'as mfa' => [ 'class' => 'vxm\mfa\Behavior', 'verifyUrl' => 'site/mfa-verify' // verify action, see bellow for setup it ] ], ] ``` ### Identity implementing [](#identity-implementing) When use it, your identity class must be implementing `vxm\mfa\IdentityInterface` this interface extends from `yii\web\IdentityInterface`add `getMfaSecretKey()`, this method return a mfa key of an identity use for generate and validate otp or return null if mfa disabled on an identity. ``` use yii\db\ActiveRecord; use vxm\mfa\IdentityInterface; /** * @property string $mfa_secret */ class User extends ActiveRecord implements IdentityInterface { public function getMfaSecretKey() { return $this->mfa_secret; } } ``` ### Verify action config [](#verify-action-config) This action use to redirect user when user login and need to be verify mfa otp. Config it in to `actions` method of your `controller` ``` public function actions() { return [ 'mfa-verify' => [ 'class' => 'vxm\mfa\VerifyAction', 'viewFile' => 'mfa-verify', // the name of view file use to render view. If not set an action id will be use, in this case is `mfa-verify` 'formVar' => 'model', // the name of variable use to parse [[\vxm\mfa\OtpForm]] object to view file. 'retry' => true, // allow user retry when type wrong otp 'successCallback' => [$this, 'mfaPassed'], // callable call when user type valid otp if not set [[yii\web\Controller::goBack()]] will be call. 'invalidCallback' => [$this, 'mfaOtpInvalid'], // callable call when user type wrong otp if not set and property `retry` is false [[yii\web\User::loginRequired()]] will be call, it should be use for set flash notice to user. 'retry' => true, // allow user retry when type wrong otp ] ]; } ``` After setup verify action, you need create a view (mfa-verify) in this view have a variable `model` is instance of `vxm\mfa\OtpForm` use to create a form submit an otp ``` /** * @var \vxm\mfa\OtpForm $model */ use yii\helpers\Html; use yii\widgets\ActiveForm; $form = ActiveForm::begin(); echo Html::tag('h1', 'Multi factor authenticate'); echo $form->field($model, 'otp'); echo Html::submitButton('Verify'); ActiveForm::end(); ``` ### QR Code widget for authenticator [](#qr-code-widget-for-authenticator) After setup all, when user enabled mfa (mfaSecretKey is set) you need to provide a qr code for app like google authenticator to generate an otp. Use `vxm\mfa\QrCodeWidget` to render a qr code image in view ``` use vxm\mfa\QrCodeWidget; echo QrCodeWidget::widget([ 'label' => Yii::$app->user->identity->email, 'issuer' => Yii::$app->name ]); ``` [![](resource/authenticator.jpg)](resource/authenticator.jpg) > Notice: when use this widget ensure user had been logged in, if not an `yii\base\InvalidCallException` will be throw. ### Health Score 36 — LowBetter than 82% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity39 Limited adoption so far Community14 Small or concentrated contributor base Maturity56 Maturing project, gaining track record Bus Factor1 Top contributor holds 95.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~440 days Total 2 Last Release 2155d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/8901d64a1059726b851dbdd91463ad1d3169f9dba6a2dcff11d05f97d9bccaea?d=identicon)[vuongxuongminh](/maintainers/vuongxuongminh) --- Top Contributors [![vuongxuongminh](https://avatars.githubusercontent.com/u/38932626?v=4)](https://github.com/vuongxuongminh "vuongxuongminh (20 commits)")[![xandros15](https://avatars.githubusercontent.com/u/10834079?v=4)](https://github.com/xandros15 "xandros15 (1 commits)") --- Tags hotpmfatotpyii2-extensionyii2extensionMFA ### Embed Badge ![Health badge](/badges/vxm-yii2-mfa/health.svg) ``` [![Health](https://phpackages.com/badges/vxm-yii2-mfa/health.svg)](https://phpackages.com/packages/vxm-yii2-mfa) ``` ### Alternatives [kakadu-dev/yii2-jwt-auth Extension provide JWT auth for Yii2 105.8k](/packages/kakadu-dev-yii2-jwt-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)