Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.
Now you can install this package via Composer:
composer require pragmarx/google2fa
To generate inline QR codes, you’ll need to install a QR code generator, e.g. BaconQrCode:
composer require bacon/bacon-qr-code
Instantiate it directly
use PragmaRX\Google2FA\Google2FA;
$google2fa = new Google2FA();
return $google2fa->generateSecretKey();
Generate a secret key for your user and save it:
$user->google2fa_secret = $google2fa->generateSecretKey();
The more secure way of creating the QR code is to generate it yourself or with a library. First, you have to install a QR code generator, e.g. BaconQrCode, as stated above; then you just have to generate the QR code URL using:
$qrCodeUrl = $google2fa->getQRCodeUrl(
    $companyName,
    $companyEmail,
    $secretKey
);
Once you have the QR code URL, you can feed it to your preferred QR code generator.
// Use your own QR Code generator to generate a data URL:
$google2fa_url = custom_generate_qrcode_url($qrCodeUrl);
// and in your view:
<img src="{{ $google2fa_url }}" alt="">
And to verify the one-time password the user submits, you just have to:
$secret = $request->input('secret');
$valid = $google2fa->verifyKey($user->google2fa_secret, $secret);
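The check that RFC 4226 and RFC 6238 define for a submitted code, as an added plain-PHP example; it is not code from this post or from the pragmarx/google2fa package. The function names and the one-step drift window are assumptions of the example, the 30-second step is the RFC 6238 default, and the sample secret is the RFC 6238 Appendix B test key.

```php
<?php
// Added illustration of RFC 4226 / RFC 6238; function names are hypothetical.

// Decode an RFC 4648 base32 secret into the raw HMAC key bytes.
function base32_decode_key(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $idx = strpos($alphabet, $ch);
        if ($idx === false) {
            throw new InvalidArgumentException('secret is not valid base32');
        }
        $bits .= str_pad(decbin($idx), 5, '0', STR_PAD_LEFT);
    }
    // Keep whole bytes only; trailing bits that do not fill a byte are dropped.
    $whole = substr($bits, 0, intdiv(strlen($bits), 8) * 8);
    return implode('', array_map(fn ($b) => chr(bindec($b)), str_split($whole, 8)));
}

// HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, then dynamic truncation.
function hotp(string $key, int $counter, int $digits = 6, string $algo = 'sha1'): string
{
    $hmac = hash_hmac($algo, pack('J', $counter), $key, true);
    $offset = ord($hmac[strlen($hmac) - 1]) & 0x0F;
    $code = unpack('N', substr($hmac, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($code % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// TOTP (RFC 6238): the counter is the number of 30-second steps since the epoch.
// $window steps on either side are accepted to tolerate clock drift.
function totp_verify(string $b32Secret, string $otp, int $now, int $digits = 6, int $window = 1, string $algo = 'sha1'): bool
{
    $key = base32_decode_key($b32Secret);
    $step = intdiv($now, 30);
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        // hash_equals compares in constant time; every step is checked, no early exit.
        $ok = hash_equals(hotp($key, $step + $i, $digits, $algo), $otp) || $ok;
    }
    return $ok;
}

// RFC 6238 Appendix B vector: ASCII key "12345678901234567890", T = 59 s, SHA-1, 8 digits, code 94287082.
$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'; // base32 encoding of that test key
var_dump(totp_verify($secret, '94287082', 59, 8));       // inside the window
var_dump(totp_verify($secret, '94287082', 59 + 120, 8)); // same code, four steps later
```

A larger window accepts older codes for longer, so it widens the period in which an intercepted code can be replayed.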
This package suggests the use of Bacon/QRCode because it is known as a good QR Code package, but you can use it with any other package.
Using Bacon/QRCode
<?php
use PragmaRX\Google2FA\Google2FA;
use BaconQrCode\Renderer\ImageRenderer;
use BaconQrCode\Renderer\Image\ImagickImageBackEnd;
use BaconQrCode\Renderer\RendererStyle\RendererStyle;
use BaconQrCode\Writer;
$google2fa = app(Google2FA::class);
$g2faUrl = $google2fa->getQRCodeUrl(
    'pragmarx',
    'google2fa@pragmarx.com',
    $google2fa->generateSecretKey()
);
$writer = new Writer(
    new ImageRenderer(
        new RendererStyle(400),
        new ImagickImageBackEnd()
    )
);
$qrcode_image = base64_encode($writer->writeString($g2faUrl));
And show it as an image:
<img src="data:image/png;base64, <?php echo $qrcode_image; ?> "/>
To comply with RFC 6238, this package supports SHA1, SHA256, and SHA512. It defaults to SHA1, so to use a different algorithm you just have to use the method setAlgorithm():
use PragmaRX\Google2FA\Support\Constants;
$google2fa->setAlgorithm(Constants::SHA512);
To be compatible with Google Authenticator, your secret key (once converted to base 32) must be at least 8 characters long, and its length must be a power of 2: 8, 16, 32, 64…
So, to prevent errors, you can do something like this while generating it:
$secretKey = '123456789';
// Pad to the next power-of-two length; the cast keeps str_pad()'s length argument an int.
$secretKey = str_pad($secretKey, (int) pow(2, ceil(log(strlen($secretKey), 2))), 'X');
And it will generate
123456789XXXXXXX
By default, this package enforces this compatibility, but if Google Authenticator is not a target, you can disable it with:
$google2fa->setEnforceGoogleAuthenticatorCompatibility(false);
This package has a lot more in it. If you want to dig deeper, you can visit its complete documentation on GitHub.
Published at : 03-01-2022
I am a highly results-driven professional with 12+ years of collective experience in the grounds of web application development especially in Laravel, native Android application development in Java, and desktop application development in the .NET Framework. Now managing a team of expert developers at Codebrisk.