Laravel One-Time Passwords

Using this package, you can securely create and consume one-time passwords. By default, a one-time password is a number of six digits long that will be sent via a mail notification. This notification can be extended so it can be sent via other channels, like SMS.

The package ships with a Livewire component to allow users to login using a one-time password.

Alternatively, you can to build the one-time password login flow you want with the easy-to-use methods the package provides.

Here's how you would send a one-time password to a user

// send a mail containing a one-time password

$user->sendOneTimePassword();

This is what the notification mail looks like:

Here's how you would try to log in a user using a one-time password.

use Spatie\OneTimePasswords\Enums\ConsumeOneTimePasswordResult;

$result = $user->attemptLoginUsingOneTimePassword($oneTimePassword);

if ($result->isOk()) {
     // it is best practice to regenerate the session id after a login   
     $request->session()->regenerate();
              
     return redirect()->intended('dashboard');
}

return back()->withErrors([
    'one_time_password' => $result->validationMessage(),
])->onlyInput('one_time_password');

The package tries to make one-time passwords as secure as can be by:

• letting them expire in a short timeframe (2 minutes by default)
• only allowing to consume a one-time password on the same IP and user agent as it was generated

All behavior is implemented in action classes that can be modified to your liking.