PHPackages xakki/google-authenticator - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. xakki/google-authenticator ActiveLibrary[Authentication & Authorization](/categories/authentication) xakki/google-authenticator ========================== Code to authenticate against the Google Authenticator app 0144PHPCI passing Since Mar 26Pushed 1y agoCompare [ Source](https://github.com/Xakki/google-authenticator)[ Packagist](https://packagist.org/packages/xakki/google-authenticator)[ RSS](/packages/xakki-google-authenticator/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependenciesVersions (2)Used By (0) GoogleAuthenticator =================== [](#googleauthenticator) Author's note ------------- [](#authors-note) Although this library is not deprecated by any means and should continue to work well, since the release of this library other projects have implemented this in a non-terrible style and have gained reasonable traction. Before you implement this, consider whether [otphp](https://github.com/Spomky-Labs/otphp) may suit your use case. Introduction ------------ [](#introduction) 2 factor authentication is pretty awesome. Far too many people use the same password for multiple things, and sometimes it's nice to actually have a secure application. Using the Google Authenticator allows people to have another layer of security that will only allow them to access your web application/service if they have both the password and the correctly setup Google Authenticator app on their phone. Implementation -------------- [](#implementation) As far as I could tell, there were (at the time of writing) 2 other PHP libraries for interacting with the Google Authenticator. Both of which work but neither of which seem to be updated much nor incorporate modern best practises. This library has the advantage of being slightly nicer (I hope) to integrate into existing libraries, and contains inbuilt support for using a PSR-6 cache interface to reduce the possibility of a replay attack. Usage ----- [](#usage) You can initially create the a secret code for use in your application using: ``` $issuer = "MyAwesomeCorp"; $accountName = "MrsSmith"; $secretFactory = new SecretFactory(); $secret = $secretFactory->create($issuer, $accountName); ``` This gives you a secret. You should: 1. feed this object into a QrImageGenerator so your user can scan the QR code into their phone 2. attach the secret to their user account so you can query it There are 2 ImageGenerator implementations included with this library: 1. EndroidQrImageGenerator which requires you composer require `endroid/qr-code:^6.0` which generates it without any external service dependencies. 2. GoogleImageGenerator which uses the Google QR code API to generate the image. I'd recommend using Endroid as it seems that Google has now [deprecated their QR code API](https://developers.google.com/chart/infographics/docs/qr_codes) If neither of these fit the bill for some reason, it's easy to create another implementation, as all it needs to do is generate a QR code for the data in `$secret->getUri()` You can verify that the user has been successful by using this: ``` $googleAuth = new GoogleAuthenticator(); $googleAuth->authenticate($secret, $code); ``` Authenticate will either boolean true/false. If you want to use a PSR-6 cache interface to attempt to prevent replay attacks, you can do so like so: ``` $googleAuth = new GoogleAuthenticator(); $googleAuth->setCache($cacheItemPoolInterface); $googleAuth->authenticate($secret, $code); ``` If the code has been used for that secret in the last 30 seconds, it will return false. Examples -------- [](#examples) An example working implementation of this code can be found in the example.php file, which can be run either as: ``` php example.php ``` Which will allow you to generate a secret, then test it, or: ``` php example.php mysecretcode ``` Which will allow you to take an already existing code and again, test if your code is valid References ---------- [](#references) Other PHP Google Authenticator implementations: - - Specification for Google Authenticator: - ### Health Score 18 — LowBetter than 8% of packages Maintenance34 Infrequent updates — may be unmaintained Popularity10 Limited adoption so far Community12 Small or concentrated contributor base Maturity17 Early-stage or recently created project Bus Factor1 Top contributor holds 78.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://avatars.githubusercontent.com/u/426468?v=4)[Xakki](/maintainers/Xakki)[@Xakki](https://github.com/Xakki) --- Top Contributors [![dochne](https://avatars.githubusercontent.com/u/1678803?v=4)](https://github.com/dochne "dochne (29 commits)")[![biozshock](https://avatars.githubusercontent.com/u/169384?v=4)](https://github.com/biozshock "biozshock (3 commits)")[![bugreportuser](https://avatars.githubusercontent.com/u/37939393?v=4)](https://github.com/bugreportuser "bugreportuser (1 commits)")[![csbarker-jobadder](https://avatars.githubusercontent.com/u/94833755?v=4)](https://github.com/csbarker-jobadder "csbarker-jobadder (1 commits)")[![jdreesen](https://avatars.githubusercontent.com/u/424602?v=4)](https://github.com/jdreesen "jdreesen (1 commits)")[![nitinsbuzz](https://avatars.githubusercontent.com/u/19207271?v=4)](https://github.com/nitinsbuzz "nitinsbuzz (1 commits)")[![samnela](https://avatars.githubusercontent.com/u/1852108?v=4)](https://github.com/samnela "samnela (1 commits)") ### Embed Badge ![Health badge](/badges/xakki-google-authenticator/health.svg) ``` [![Health](https://phpackages.com/badges/xakki-google-authenticator/health.svg)](https://phpackages.com/packages/xakki-google-authenticator) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)