Say goodbye to passwords and sign in via a time-based one-time password instead! Laravel TOTP Login is a convenient package that allows you to easily add a TOTP login feature to your Laravel application.
You might wonder why you should opt for a TOTP login instead of a magic link solution. Well, this package is designed to complement the existing login methods in your application. It provides an alternative sign-in option for users who haven't set a password yet or don't have an email address. For instance, users who signed up with only a phone number can still enjoy the benefits of secure login through a TOTP.
- Simplified sign-in process using a TOTP
- Compatibility with existing login methods
- Support for users without passwords or email addresses
In addition to Laravel v9.52 or newer, this package relies on Alpine.js. If you're using Laravel Livewire, you are already good to go. Otherwise, make sure to include Alpine.js in your application. You also need a notifiable user model.
Install the package via composer:
composer require empuxa/laravel-totp-login
Copy the vendor files and adjust the config file config/totp-login.php to your needs:
php artisan vendor:publish --provider="Empuxa\TotpLogin\TotpLoginServiceProvider"
Run the migrations:
php artisan migrate
That's it! You're ready to start using the TOTP login feature in your Laravel application.
The sign-in process with this package involves three steps:
- Enter the user's email address, phone number, or any other specified identifier, and request a TOTP.
- If the entered information is valid, a TOTP will be sent to the user. You may need to customize the notification channel based on the user model you are using.
- Enter the received TOTP to log in the user.
While the initial steps are relatively straightforward, it's now necessary to customize the views.
These views have been designed to be as simple as possible (some might even consider them "ugly") and can be located in the resources/views/vendor/totp-login directory.
Why are they not visually appealing? Different applications adopt various layouts and frameworks. Since you have the most knowledge about your application, you can change the views to suit your specific requirements.
Within the copied views, you will come across a notification sent to the user. You may want to make adjustments to this notification to align it with your preferences and needs.
If you plan on using SMS or similar as your preferred notification channel, you can create a custom notification class.
The TOTP and the user's IP address will be passed to the constructor of this class.
Finally, replace the default notification class within the config/totp-login.php file with your custom notification.
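A custom SMS notification along these lines could look as follows. This is an added example, not code shipped with the package: the class name `TotpLoginSms`, the constructor argument order and types, and the use of Laravel's Vonage channel (the `laravel/vonage-notification-channel` package) are assumptions.

```php
<?php

namespace App\Notifications;

use Illuminate\Notifications\Messages\VonageMessage;
use Illuminate\Notifications\Notification;

// Hypothetical class name. Requires the laravel/vonage-notification-channel
// package and a routeNotificationForVonage() method (or phone_number
// attribute) on the notifiable user model.
class TotpLoginSms extends Notification
{
    // Assumed order and types: the package passes the TOTP and the IP
    // address of the request to the constructor.
    public function __construct(
        private string $code,
        private string $ip,
    ) {
    }

    // Deliver over SMS only. The code is a login credential, so it should
    // not also be written to the database or log channels.
    public function via(object $notifiable): array
    {
        return ['vonage'];
    }

    public function toVonage(object $notifiable): VonageMessage
    {
        // Showing the requesting IP lets the recipient recognise a code
        // request they did not make themselves.
        return (new VonageMessage())->content(
            "Your login code is {$this->code}. " .
            "It was requested from IP {$this->ip}. " .
            'If this was not you, do not share the code.'
        );
    }
}
```

If you queue this notification, keep in mind that the TOTP is then stored in the serialized job payload until the job has run.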
To apply a scope to your user model, add the following method to your model:
    public static function totpLoginScope(): Builder
    {
        return self::yourGlobalScope();
    }
composer test
Please see CHANGELOG for more information on what has changed recently.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.