Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel One Time Passwords
Readme

Laravel One Time Passwords Laravel Package

spatie/laravel-one-time-passwords

Securely generate and consume one-time passwords in Laravel. Ships with notifications (email by default, extensible to SMS/other channels) and a ready-to-use Livewire login component. Optionally enhances the OTP input UI automatically when Flux is installed.

View on GitHub
Deep Wiki
Context7

Latest Version on Packagist GitHub Tests Action Status GitHub Code Style Action Status Total Downloads

Using this package, you can securely create and consume one-time passwords. By default, a one-time password is a number of six digits long that will be sent via a mail notification. This notification can be extended so it can be sent via other channels, like SMS.

The package ships with a Livewire component to allow users to log in using a one-time password.

image

image

Enhanced UI with Flux

For an improved OTP input experience, you can optionally install Flux. When Flux is detected, the package will automatically use the Flux OTP input component instead of a standard text input.

To install Flux, follow the instructions on their website: https://fluxui.dev

Build your own UI

Alternatively, you can build the one-time password login flow you want with the easy-to-use methods the package provides.

Here's how you would send a one-time password to a user

// send a mail containing a one-time password

$user->sendOneTimePassword();

This is what the notification mail looks like:

image

Here's how you would try to log in a user using a one-time password.

use Spatie\OneTimePasswords\Enums\ConsumeOneTimePasswordResult;

$result = $user->attemptLoginUsingOneTimePassword($oneTimePassword);

if ($result->isOk()) {
     // it is best practice to regenerate the session id after a login   
     $request->session()->regenerate();
              
     return redirect()->intended('dashboard');
}

return back()->withErrors([
    'one_time_password' => $result->validationMessage(),
])->onlyInput('one_time_password');

The package tries to make one-time passwords as secure as can be by:

  • letting them expire in a short timeframe (2 minutes by default)
  • only allowing to consume a one-time password on the same IP and user agent as it was generated

All behavior is implemented in action classes that can be modified to your liking.

Documentation

All documentation is available on our documentation site.

Support us

We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.

We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall.

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport