PHPackages                             xp-forge/google-authenticator - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. xp-forge/google-authenticator

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

xp-forge/google-authenticator
=============================

Google authenticator (HOTP &amp; TOTP)

v6.0.0(1y ago)01.4k↓88.9%BSD-3-ClausePHPPHP &gt;=7.4.0

Since Jan 25Pushed 1y ago1 watchersCompare

[ Source](https://github.com/xp-forge/google-authenticator)[ Packagist](https://packagist.org/packages/xp-forge/google-authenticator)[ Docs](http://xp-framework.net/)[ RSS](/packages/xp-forge-google-authenticator/feed)WikiDiscussions master Synced 3w ago

READMEChangelog (10)Dependencies (2)Versions (16)Used By (0)

Google authenticator
====================

[](#google-authenticator)

[![Build status on GitHub](https://github.com/xp-forge/google-authenticator/workflows/Tests/badge.svg)](https://github.com/xp-forge/google-authenticator/actions)[![XP Framework Module](https://raw.githubusercontent.com/xp-framework/web/master/static/xp-framework-badge.png)](https://github.com/xp-framework/core)[![BSD Licence](https://raw.githubusercontent.com/xp-framework/web/master/static/licence-bsd.png)](https://github.com/xp-framework/core/blob/master/LICENCE.md)[![Requires PHP 7.4+](https://raw.githubusercontent.com/xp-framework/web/master/static/php-7_4plus.svg)](http://php.net/)[![Supports PHP 8.0+](https://raw.githubusercontent.com/xp-framework/web/master/static/php-8_0plus.svg)](http://php.net/)[![Latest Stable Version](https://camo.githubusercontent.com/7c22a730574bfb063e826251cf765c933d2ec5827716c91248bd4eeba49c4446/68747470733a2f2f706f7365722e707567782e6f72672f78702d666f7267652f676f6f676c652d61757468656e74696361746f722f76657273696f6e2e737667)](https://packagist.org/packages/xp-forge/google-authenticator)

Supports one-time passwords accordings (HOTP &amp; TOTP) according to [RFC 4226](http://tools.ietf.org/html/rfc4226) and [RFC 6238](http://tools.ietf.org/html/rfc6238).

Working with one-time passwords
-------------------------------

[](#working-with-one-time-passwords)

The following shows the API for time-based one-time passwords (TOTP):

```
use com\google\authenticator\{TimeBased, Tolerance};
use util\Secret;

$secret= new Secret('2BX6RYQ4MD5M46KP');
$timebased= new TimeBased($secret);
$time= time();

// Get token for a given time
$token= $timebased->at($time);
$token= $timebased->current();

// Must match exactly
$verified= $timebased->verify($token, $time, Tolerance::$NONE);

// Allows previous and next
$verified= $timebased->verify($token);
$verified= $timebased->verify($token, $time);
$verified= $timebased->verify($token, $time, Tolerance::$PREVIOUS_AND_NEXT);
```

The following shows the API for counter-based one-time passwords (HOTP):

```
use com\google\authenticator\{CounterBased, Tolerance};
use util\Secret;

$secret= new Secret('2BX6RYQ4MD5M46KP');
$counterbased= new CounterBased($secret);
$counter= 0;

// Get token for a given counter
$token= $counterbased->at($counter);

// Must match exactly
$verified= $counterbased->verify($token, $counter, Tolerance::$NONE);

// Allows previous and next
$verified= $counterbased->verify($token, $counter);
$verified= $counterbased->verify($token, $counter, Tolerance::$PREVIOUS_AND_NEXT);
```

*Note: We use util.Secret so that in case of exceptions, the secret will not appear in stack traces.*

Creating secrets
----------------

[](#creating-secrets)

As an issuer of OTPs, you need to create random secrets in order to seed both client and server. Using the *provisioningUri()* method, you can fetch the URIs used to configure the clients.

```
use com\google\authenticator\{CounterBased, TimeBased, Secrets};

$random= Secrets::random();

// HOTP, otpauth://hotp/{account}?secret={secret}&counter={counter}
$counterbased= new CounterBased($random);
$uri= $counterbased->provisioningUri($account);             // Start with counter= 0
$uri= $counterbased->provisioningUri($account, $initial);   // Start with counter= $initial

// TOTP, otpauth://totp/{account}?secret={secret}
$timebased= new TimeBased($random);
$uri= $timebased->provisioningUri($account);

// Pass a map of string to append additional parameters
$uri= $timebased->provisioningUri($account, ['issuer' => 'ACME Co']);

// Pass an array to namespace the account, yields "ACME%20Co:user@example.com"
$uri= $timebased->provisioningUri(['ACME Co', 'user@example.com']);
```

###  Health Score

37

—

LowBetter than 81% of packages

Maintenance41

Moderate activity, may be stable

Popularity14

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity71

Established project with proven stability

 Bus Factor1

Top contributor holds 98.7% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~262 days

Recently: every ~443 days

Total

15

Last Release

492d ago

Major Versions

v1.0.1 → v2.0.02016-02-21

v2.0.0 → v3.0.02017-11-15

v3.1.0 → v4.0.02018-09-17

v4.0.1 → v5.0.02020-04-10

v5.2.0 → v6.0.02025-02-16

PHP version history (5 changes)v0.1.0PHP &gt;=5.4.0

v1.0.0PHP &gt;=5.5.0

v3.0.0PHP &gt;=5.6.0

v5.0.0PHP &gt;=7.0.0

v6.0.0PHP &gt;=7.4.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/07d18d882c8b4aaf3466432f64018214f2771eda333202175431ee7233795376?d=identicon)[thekid](/maintainers/thekid)

---

Top Contributors

[![thekid](https://avatars.githubusercontent.com/u/696742?v=4)](https://github.com/thekid "thekid (78 commits)")[![kiesel](https://avatars.githubusercontent.com/u/127769?v=4)](https://github.com/kiesel "kiesel (1 commits)")

---

Tags

hotpmfarfc-4226rfc-6238totpxp-frameworkmodulexp

### Embed Badge

![Health badge](/badges/xp-forge-google-authenticator/health.svg)

```
[![Health](https://phpackages.com/badges/xp-forge-google-authenticator/health.svg)](https://phpackages.com/packages/xp-forge-google-authenticator)
```

###  Alternatives

[xp-framework/compiler

XP Compiler

1926.5k9](/packages/xp-framework-compiler)[lm-commons/lmc-rbac-mvc

Laminas Framework MVC Module that provides a layer of features of Laminas\\Permissions\\Rbac

12425.4k10](/packages/lm-commons-lmc-rbac-mvc)[org_heigl/hybridauth

Lightweight Authentication Module for Zend-Framework 2 using the hybridauth-library

212.6k](/packages/org-heigl-hybridauth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)