Download the PHP package abmmhasan/otp without Composer
On this page you can find all versions of the php package abmmhasan/otp. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download abmmhasan/otp
More information about abmmhasan/otp
Files in abmmhasan/otp
Informations about the package otp
OTP
Simple but Secure AIO OTP solution. Supports,
- Generic OTP (storage-less otp solution)
- TOTP (RFC6238)
- HOTP (RFC4226)
- OCRA (RFC6287)
Table of Contents
- Prerequisites
- Installation
- Why this library?
- Usage
- HOTP (RFC4226)
- TOTP (RFC6238)
- Generic OTP
- OCRA (RFC6287)
- Support
- References
Prerequisites
Language: PHP 8.2/+
Library Version | PHP Version |
---|---|
3.x.x/+ | 8.2.x or Higher |
2.x.x | 8.x.x |
1.x.x | 7.x.x |
Installation
Why this library?
TOTP & HOTP
- Uses offline QR code generator (no more exposing your secret online)
- Time-safe Base32 encoding (30 seconds validity means 30 seconds)
Generic OTP
- No need to dedicate extra storage/db for User information (just build a unique signature)
OCRA
- One of a few implementation in PHP, easy to use
Usage
HOTP (RFC4226)
-
Generate secret
- Get QR Code Image for secret $secret (in SVG format)
The
getProvisioningUriQR
&getProvisioningUri
accepts 3rd parameter, where it takes array of parameters['algorithm', 'digits', 'period', 'counter']
. Problem you might encounter, with the URI/Image is that most of the OTP generator might not support all of those options. In that case, passing in a blank array will remove all the optional keys, or you can pass in selective parameters as you need. Additionally, you can also pass in additional parameter to reflect in URI string or QR image in 4th parameter. But be cautious that, it might not be supported by the Client Apps.
-
Get current OTP for a given counter
- Verify
TOTP (RFC6238)
-
Generate secret
- Get QR Code Image for secret $secret (in SVG format)
The
getProvisioningUriQR
&getProvisioningUri
accepts 3rd parameter, where it takes array of parameters['algorithm', 'digits', 'period', 'counter']
. Problem you might encounter, with the URI/Image is that most of the OTP generator might not support all of those options. In that case, passing in a blank array will remove all the optional keys, or you can pass in selective parameters as you need. Additionally, you can also pass in additional parameter to reflect in URI string or QR image in 4th parameter. But be cautious that, it might not be supported by the Client Apps.
-
Get current OTP for a given counter
- Verify
On 3rd parameter
(bool)
it supports, enabling leeway. If enabled, it will also check with last segment's generated otp.
Generic OTP
-
Initiate
-
Generate & get the OTP
- Verify the OTP
On 3rd parameter setting false
will keep the record till the otp is verified or expired
. By default,will keep the record till the key name match or the otp is verified or expired
-
Delete a record
- Flush all the existing OTPs (if any)
Generic OTP uses temporary location for storage, make sure you have proper access permission
OCRA (RFC6287)
Forming an OCRA Suite
According to current RFC6287, an example string should be in the following format:
Here OCRA-1:HOTP-
is fixed as of current documentation.
- SHA1 is cryptographic hash function. (supported: SHA1, SHA256, SHA512)
- 6 is the number of digits in the generated OTP. (supported: 0, 4-10)
- C denotes counter support (optional)
- QN08 denotes the mode (it can be either of QNxx, QAxx, QHxx)
Format (F) | Up to Length (xx) |
---|---|
A (alphanumeric) | 04-64 |
N (numeric) | 04-64 |
H (hexadecimal) | 04-64 |
- Next part is optional & little tricky
- PSHA1 denotes the hash function used for pin support (it can be either of PSHA1, PSHA256, PSHA512)
- S (not in example) denotes session length (3 digits)
- T (not in example) denotes time format as of below table,
Time-Step Size (G) | Examples |
---|---|
[1-59]S | number of seconds, e.g., 20S |
[1-59]M | number of minutes, e.g., 5M |
[0-48]H | number of hours, e.g., 24H |
Support
Having trouble? Create an issue!
References
- HOTP (RFC4226): https://tools.ietf.org/html/rfc4226
- TOTP (RFC6238): https://tools.ietf.org/html/rfc6238
- OCRA (RFC6287): https://tools.ietf.org/html/rfc6287
All versions of otp with dependencies
bacon/bacon-qr-code Version ^3.0
paragonie/constant_time_encoding Version ^3.0
symfony/cache Version ^7.0