Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel One Time Passwords
Docs

Laravel One Time Passwords Laravel Package

spatie/laravel-one-time-passwords

Generate and verify secure one-time passwords (6‑digit by default) in Laravel. Sends OTPs via mail notifications (extendable to SMS/other channels) and includes a Livewire login component. Optional Flux support provides an enhanced OTP input UI.

View on GitHub
Deep Wiki
Context7

title: Consuming one-time passwords weight: 4

The package provides two methods to consume one-time passwords: attemptLoginUsingOneTimePassword and consumeOneTimePassword. Both of them will verify the given one-time password and return an instance of the ConsumeOneTimePasswordResult enum. If the one-time password is correct, the underlying OneTimePassword model for that password will be deleted, ensure that a one-time password can only be used once.

By default, a one-time password can only be used on the same origin it was created on. This is to prevent a one-time password from being used on a different device or browser. You can read more about this in the Enforcing Origin section.

Consuming one-time passwords

When implementing your login flow using one-time passwords, you can use the attemptLoginUsingOneTimePassword method which will verify the given one-time password and log in the user.

Here's an example:

use Spatie\OneTimePasswords\Enums\ConsumeOneTimePasswordResult;

// $result is an instance of the ConsumeOneTimePasswordResult enum.
$result = $user->attemptLoginUsingOneTimePassword($oneTimePassword, remember: false);

if ($result->isOk()) {
     // it is best practice to regenerate the session id after a login   
     $request->session()->regenerate();
              
     return redirect()->intended('dashboard');
}

return back()->withErrors([
    'one_time_password' => $result->validationMessage(),
])->onlyInput('one_time_password');

Alternatively, you can use the consumeOneTimePassword. Which will do the same as attemptLoginUsingOneTimePassword except it won't log in the user.

$result = $user->consumeOneTimePassword($oneTimePassword);

Inspecting the result

Both attemptLoginUsingOneTimePassword and consumeOneTimePassword will return an instance of the ConsumeOneTimePasswordResult enum which has these cases:

  • Ok: The one-time password was correct.
  • NoOneTimePasswordsFound: The user has no one-time passwords.
  • IncorrectOneTimePassword: The one-time password was incorrect.
  • DifferentOrigin: The one-time password was created from a different origin.
  • OneTimePasswordExpired: The one-time password has expired.
  • RateLimitExceeded: The user has exceeded the rate limit for one-time passwords.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
hexters/coinpayment
rjcodes/rjcms
act-training/laravel-permissions-manager
alimarchal/laravel-chart-of-accounts
babenkoivan/elastic-scout-driver
mkwebdesign/filament-watchdog-v5
renatomarinho/laravel-page-speed
zedmagdy/filament-business-hours
renatovdemoura/blade-elements-ui
devgeek/beacon-admin
benjamin-rqt/data-watcher-bundle
atriumphp/atrium
sandermuller/package-boost-laravel
sandermuller/boost-skills
redaxo/core
yusufgenc/filament-api-forge
l3aro/rating-star-for-filament
leek/filament-subtenant-scope
anil/file-picker
broqit/fields-ai