OTPZ is a Laravel package created by Ben Bjurstrom (author of Prezet) that provides secure first-factor one-time passwords (OTPs) for Laravel applications. This allows users to enter their email addresses and receive a one-time code to sign in instead of a password.
Key Features
- Rate-limited
- Configurable expiration times
- Invalidate OTP after its first use
- Lock the OTP to the user's session
- Invalidate the OTP after too many failed attempts
- View detailed error messages
- Customize the mail template used
- Auditable logs
To setup, install the package via composer:
composer require benbjurstrom/otpzThen publish and run the included migrations:
php artisan vendor:publish --tag="otpz-migrations"php artisan migrateNext, add the package's interface and trait to your Authenticatable User model
<?php// app/Models/User.phpnamespace App\Models; //...use BenBjurstrom\Otpz\Models\Concerns\HasOtps;use BenBjurstrom\Otpz\Models\Concerns\Otpable; class User extends Authenticatable implements Otpable{ use HasFactory, Notifiable, HasOtps; // ...}And lastly add the package provided routes in your routes/web.php file:
Route::otpRoutes();Optionally, you may publish the default views and config to customize things further:
php artisan vendor:publish --tag="otpz-views"php artisan vendor:publish --tag="otpz-config"The package works with Laravel Breeze with either Livewire or Inertia, and further instructions are provided on how to update the respective LoginRequest::authenticate method with a send email method to run the SendOtp action.
If you are looking for a way to quickly allow users secure and temporary or single-use access to a system, then OTPZ might be the package for you.
Learn more about this package and view the source code on GitHub.
