Introduction | laravel-one-time-passwords | Spatie SPATIE Laravel One-Time Passwords ============================= spatie.be/open-source [Docs](https://spatie.be/docs) [Laravel-one-time-passwords](https://spatie.be/docs/laravel-one-time-passwords/v2) Introduction Version v2 v1 Other versions for crawler [v2](https://spatie.be/docs/laravel-one-time-passwords/v2) [v1](https://spatie.be/docs/laravel-one-time-passwords/v1) - [ Introduction ](https://spatie.be/docs/laravel-one-time-passwords/v2/introduction) - [ Support us ](https://spatie.be/docs/laravel-one-time-passwords/v2/support-us) - [ Installation & setup ](https://spatie.be/docs/laravel-one-time-passwords/v2/installation-setup) - [ Questions and issues ](https://spatie.be/docs/laravel-one-time-passwords/v2/questions-issues) - [ Changelog ](https://spatie.be/docs/laravel-one-time-passwords/v2/changelog) - [ About us ](https://spatie.be/docs/laravel-one-time-passwords/v2/about-us) Basic usage ----------- - [ Introducing one-time-passwords ](https://spatie.be/docs/laravel-one-time-passwords/v2/basic-usage/introducing-one-time-passwords) - [ Creating one-time passwords ](https://spatie.be/docs/laravel-one-time-passwords/v2/basic-usage/creating-one-time-passwords) - [ Configuring notifications ](https://spatie.be/docs/laravel-one-time-passwords/v2/basic-usage/configuring-notifications) - [ Consuming one-time passwords ](https://spatie.be/docs/laravel-one-time-passwords/v2/basic-usage/consuming-one-time-passwords) - [ Using the Livewire component ](https://spatie.be/docs/laravel-one-time-passwords/v2/basic-usage/using-the-livewire-component) Configuring security -------------------- - [ Introduction ](https://spatie.be/docs/laravel-one-time-passwords/v2/configuring-security/introduction) - [ Enforcing origin ](https://spatie.be/docs/laravel-one-time-passwords/v2/configuring-security/enforcing-origin) - [ Configuring password format ](https://spatie.be/docs/laravel-one-time-passwords/v2/configuring-security/configuring-password-format) - [ Allowing multiple passwords ](https://spatie.be/docs/laravel-one-time-passwords/v2/configuring-security/allowing-multiple-passwords) - [ Setting default expiration time ](https://spatie.be/docs/laravel-one-time-passwords/v2/configuring-security/setting-default-expiration-time) Advanced usage -------------- - [ Customizing actions ](https://spatie.be/docs/laravel-one-time-passwords/v2/advanced-usage/customizing-actions) - [ Using your own model ](https://spatie.be/docs/laravel-one-time-passwords/v2/advanced-usage/using-your-own-model) - [ Handling events ](https://spatie.be/docs/laravel-one-time-passwords/v2/advanced-usage/handling-events) Laravel One-Time Passwords ============================ Securely create and consume one-time passwords (OTP) ---------------------------------------------------- [ Repository ](https://github.com/spatie/laravel-one-time-passwords) 260,367 171 Introduction ------------ Using this package, you can securely create and consume one-time passwords. By default, a one-time password is a number of six digits long that will be sent via a mail notification. This notification can be extended so it can be sent via other channels, like SMS. The package ships with a Livewire component to allow users to login using a one-time password. ![image](/docs/laravel-one-time-passwords/v2/images/form-email.png) ![image](/docs/laravel-one-time-passwords/v2/images/form-code.png) Alternatively, you can to build the one-time password login flow you want with the easy-to-use methods the package provides. Here's how you would send a one-time password to a user ``` // send a mail containing a one-time password $user->sendOneTimePassword(); ``` This is what the notification mail looks like: ![image](/docs/laravel-one-time-passwords/v2/images/otp-notification.png) Here's how you would try to log in a user using a one-time password. ``` use Spatie\OneTimePasswords\Enums\ConsumeOneTimePasswordResult; $result = $user->attemptLoginUsingOneTimePassword($oneTimePassword); if ($result->isOk()) { // it is best practice to regenerate the session id after a login $request->session()->regenerate(); return redirect()->intended('dashboard'); } return back()->withErrors([ 'one_time_password' => $result->validationMessage(), ])->onlyInput('one_time_password'); ``` The package tries to make one-time passwords as secure as can be by: - letting them expire in a short timeframe (2 minutes by default) - only allowing to consume a one-time password on the same IP and user agent as it was generated All behavior is implemented in action classes that can be modified to your liking.