PHP class to generate and verify Google Authenticator 2-factor authentication
Alternatives To Googleauthenticator
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Aws Iam Authenticator2,04564a day ago52August 10, 202330apache-2.0Go
A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster
Googleauthenticator1,7672493 years agoJuly 16, 202332bsd-2-clausePHP
PHP class to generate and verify Google Authenticator 2-factor authentication
Google2fa1,611585777 months ago33April 05, 20205mitPHP
A One Time Password Authentication package, compatible with Google Authenticator.
Sparkmagic1,2511759 days ago56September 13, 2023144otherPython
Jupyter magics and kernels for working with remote Spark clusters
Awesome Webauthn1,071
4 days ago2cc0-1.0
A curated list of awesome WebAuthn/FIDO2 and now Passkey resources
Steam8492993 months ago67May 15, 202234mitPython
☁️ Python package for interacting with Steam
Google2fa Laravel80066217 months ago25August 17, 202143mitPHP
A One Time Password Authentication package, compatible with Google Authenticator for Laravel
Otpauth65611214 days ago89November 10, 2022mitJavaScript
One Time Password (HOTP/TOTP) library for Node.js, Deno, Bun and browsers.
Webauthn Ruby5434414 days ago35September 15, 20229mitRuby
WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party
Kerberos.net45615a month ago84August 11, 202232mitC#
A Kerberos implementation built entirely in managed code.
Alternatives To Googleauthenticator
Select To Compare

Alternative Project Comparisons

Google Authenticator PHP class

Build Status

This PHP class can be used to interact with the Google Authenticator mobile app for 2-factor-authentication. This class can generate secrets, generate codes, validate codes and present a QR-Code for scanning the secret. It implements TOTP according to RFC6238

For a secure installation you have to make sure that used codes cannot be reused (replay-attack). You also need to limit the number of verifications, to fight against brute-force attacks. For example you could limit the amount of verifications to 10 tries within 10 minutes for one IP address (or IPv6 block). It depends on your environment.


See following example:

require_once 'PHPGangsta/GoogleAuthenticator.php';

$ga = new PHPGangsta_GoogleAuthenticator();
$secret = $ga->createSecret();
echo "Secret is: ".$secret."\n\n";

$qrCodeUrl = $ga->getQRCodeGoogleUrl('Blog', $secret);
echo "Google Charts URL for the QR-Code: ".$qrCodeUrl."\n\n";

$oneCode = $ga->getCode($secret);
echo "Checking Code '$oneCode' and Secret '$secret':\n";

$checkResult = $ga->verifyCode($secret, $oneCode, 2);    // 2 = 2*30sec clock tolerance
if ($checkResult) {
    echo 'OK';
} else {
    echo 'FAILED';

Running the script provides the following output:


Google Charts URL for the QR-Code:|0&cht=qr&chl=otpauth://totp/

Checking Code '848634' and Secret 'OQB6ZZGYHCPSX4AK':


  • Use Composer to install the package

  • From project root directory execute following

composer install

  • Composer will take care of autoloading the library. Just include the following at the top of your file

    require_once __DIR__ . '/../vendor/autoload.php';

Run Tests:

  • All tests are inside tests folder.
  • Execute composer install and then run the tests from project root directory
  • Run as phpunit tests from the project root directory


  • ??? What do you need?


If you like this script or have some features to add: contact me, visit my blog, fork this project, send pull requests, you know how it works.

Popular Authentication Projects
Popular Authenticator Projects
Popular Security Categories

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.