PHPackages                             xddesigners/otp-authenticator - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. xddesigners/otp-authenticator

ActiveSilverstripe-vendormodule[Authentication &amp; Authorization](/categories/authentication)

xddesigners/otp-authenticator
=============================

A OTP authenticator for use with silverstripe/mfa

1.0.3(4y ago)31683[1 PRs](https://github.com/xddesigners/otp-authenticator/pulls)BSD-3-ClauseSCSSPHP ^7.4 || ^8.0

Since Mar 16Pushed 3y ago2 watchersCompare

[ Source](https://github.com/xddesigners/otp-authenticator)[ Packagist](https://packagist.org/packages/xddesigners/otp-authenticator)[ RSS](/packages/xddesigners-otp-authenticator/feed)WikiDiscussions main Synced 4w ago

READMEChangelogDependencies (6)Versions (8)Used By (0)

SilverStripe OPT Authenticator
==============================

[](#silverstripe-opt-authenticator)

Log in to SilverStripe with an One Time Password

You can configure a provider to send trough SMS or use Email.

This module provides a authenticator that plugs in to the [silverstripe/mfa](https://github.com/silverstripe/silverstripe-mfa)module.

The default providers that ship with this module:

- Email
- [Twilio](https://www.twilio.com/sms)
- [SMSTools](https://www.smstools.nl/)

Requirements
------------

[](#requirements)

- PHP ^7.4
- SilverStripe ^4.1
- silverstripe/mfa: ^4.0
- twilio/sdk: "^6.35"
- giggsey/libphonenumber-for-php: "^8.12"

Installation
------------

[](#installation)

Install with Composer:

```
composer require xddesigners/otp-authenticator
```

The email provider is configured by default and requires no further setup.

If you want to change providers, to SMSTools for example, you can add the following to your .yml config:

```
SilverStripe\Core\Injector\Injector:
  XD\OTPAuthenticator\Providers\SendProvider:
    class: XD\OTPAuthenticator\Providers\SMSToolsProvider
    # The other providers:
    # class: XD\OTPAuthenticator\Providers\EmailProvider
    # class: XD\OTPAuthenticator\Providers\TwilioProvider
```

For Twillio and SMSTools you'll need to define authentication tokens in your environment:

```
# Twilio API credentials
# (find here https://www.twilio.com/console)
TWILIO_ACCOUNT_SID="SID"
TWILIO_AUTH_TOKEN="TOKEN"
TWILIO_PHONE_NUMBER="PHONE NUMBER"

# SMS Tools credentials
SMS_TOOLS_CLIENT_ID="CLIENT_ID"
SMS_TOOLS_CLIENT_SECRET="CLIENT_SECRET"
```

### pass exisiting send to address

[](#pass-exisiting-send-to-address)

This can be an existing phone number, or if you use the email provider an existing email address. On your member add the method `otpSendTo` that returns an `OTPSendTo` object. The additional data can be used by the configured provider for validation and is also stored on the `RegisteredMethod`. The SMS providers use an extra `region` property to validate the phone number for example.

```
public function otpSendTo()
{
    return new OTPSendTo($member->Email, ['additional' => 'data']);
}
```

### create a custom send provider

[](#create-a-custom-send-provider)

If you want to make use of a different service to pass the code you can create a custom provider. You'll need to extend the abstract `SendProvider` class and implement the required methods.

```
class MySendProvider extends XD\OTPAuthenticator\Providers\SendProvider
{
/**
     * Send the code
     */
    public function send($code, $to): bool
    {}

    /**
     * Validate the send to address
     */
    public function validate($to, $data): bool
    {}

    /**
     * Add a regex to validate the input on the frond end
     */
    public function getFieldValidate(): string
    {}

    /**
     * method to check if the provider is properly set up
     */
    public function enabled(): bool
    {}

    /**
     * Obfuscate the sent to address.
     * So a user has a way to verify the sent address is correct
     * but in a way an unallowed user couldn't make out the complete address
     */
    public function obfuscateTo($to): string
    {}

    /**
     * Register the field type to switch to.
     * Accepts phone, email, or text
     */
    public function getFieldType(): string
    {}

    /**
     * Register the field label
     */
    public function getFieldLabel(): string
    {}
}
```

###  Health Score

29

—

LowBetter than 60% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity16

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity58

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~7 days

Total

5

Last Release

1487d ago

Major Versions

0.0.1 → 1.0.02022-04-07

### Community

Maintainers

![](https://www.gravatar.com/avatar/6131c03b7f5ba6b10fef192c90d68d57508e84c007a13321df6960b8298e19d1?d=identicon)[TheBnl](/maintainers/TheBnl)

---

Top Contributors

[![TheBnl](https://avatars.githubusercontent.com/u/1334195?v=4)](https://github.com/TheBnl "TheBnl (1 commits)")

---

Tags

securityAuthenticationsilverstripe2fasmstwiliocmsMFAauthysmsTools

###  Code Quality

TestsPHPUnit

Code StylePHP\_CodeSniffer

### Embed Badge

![Health badge](/badges/xddesigners-otp-authenticator/health.svg)

```
[![Health](https://phpackages.com/badges/xddesigners-otp-authenticator/health.svg)](https://phpackages.com/packages/xddesigners-otp-authenticator)
```

###  Alternatives

[scheb/2fa

Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install)

578630.7k1](/packages/scheb-2fa)[ellaisys/aws-cognito

AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP

120220.7k1](/packages/ellaisys-aws-cognito)[rinvex/authy

Rinvex Authy is a simple wrapper for Authy TOTP API, the best rated Two-Factor Authentication service for consumers, simplest 2fa Rest API for developers and a strong authentication platform for the enterprise.

35188.4k1](/packages/rinvex-authy)[rinvex/laravel-authy

Rinvex Authy is a simple wrapper for Authy TOTP, the best rated Two-Factor Authentication service for consumers, simplest 2fa Rest API for developers and a strong authentication platform for the enterprise.

3376.7k1](/packages/rinvex-laravel-authy)[sicaboy/laravel-mfa

A Laravel package of Multi-factor Authentication (MFA/2FA) with a middleware.

101.2k](/packages/sicaboy-laravel-mfa)[alexgeno/phone-verification-laravel

A library for phone verification via Laravel notification channels. Any notification channel can be used as a sender, and Redis or MongoDB can be used as a storage.

112.4k](/packages/alexgeno-phone-verification-laravel)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)