Google Authenticator Redux

This PHP library provides support for 2-Factor authentication, often referred to as 2FA, using Google Authenticator. The client is intended to be used with the Google Authenticator mobile app available on both Android and iOS devices. Google Authenticator is an implementation of the algorithm defined in RFC6238, better known as TOTP: Time-Based One-Time Password Algorithm.

The client contains methods which support:

  • The generation of RFC6238 compliant secret keys
  • The generation of Base32 codes based on the secret key
  • Creation of QR Code image URLs to present to the user for scanning into the Google Authenticator app
  • Validation of a user-submitted code against a known secret key
Fork me on GitHub


The recommended way to install this library is through Composer.

Ensure you require Composer's autoloader somewhere in your code, then you should have access to load the client library:


Below you will find code which outlines the general process of using this client. Please note that this is only an example and not intended for live usage. It is assumed your application will request the user to input a code found on their Google Authenticator mobile application. For the sake of this demo, you would replace the line $code = $ga->getCode($secret); with your own method for retrieving the user inputted code.

The Github repository contains a live demo which demonstrates actual usage of the client. To view the demo, simply navigate to the example/ directory which contains a working index.php file. If you have PHP running on your machine, you can run the example code using PHP's build in web server following these steps:

  1. Grab a copy of the repository: git clone [email protected]:CraftBlue/GoogleAuthenticatorRedux.git
  2. In your terminal or console, navigate to the example/ directory
  3. Start PHP's built in web server by running the included bash script: bash ./
  4. Navigate your web browser to to view the demo
  5. View the source code of index.php to learn how the demo works
  6. Implement your own two factor authentication based on the demo code


Downloads are available via github. The decision is all yours:

  • git clone [email protected]:CraftBlue/GoogleAuthenticatorRedux.git
  • git clone
  • wget
  • wget
Download as .zip Download as .tar.gz


If you have any problems with GoogleAuthenticatorRedux, please file a ticket/issue/bug on Github and we will attempt to address it at my earliest convenience.

GoogleAuthenticatorRedux Issues on Github


GoogleAuthenticatorRedux is licensed under the 2-Clause BSD License. This is often referred to as the "FreeBSD License."

This is a permissive free software license, imposing minimal restrictions on the redistribution of GoogleAuthenticatorRedux.

You are free to use GoogleAuthenticatorRedux in commercial projects as long as any copyright headers and license file are left intact.

The BSD License allows proprietary use and allows the software released under the license to be incorporated into proprietary products.


  • Feb 26, 2017
    Updated TravisCI PHP versions to only support 5.6+.
  • Oct 21, 2016
    Removed PHP 7.1 from TravisCI until underlying dependencies get updated.
  • Oct 19, 2016
    Updated the TravisCI build.
  • August 30, 2016
    Initial commit of the client library.

About the Author

is a full-stack web applications developer in Charlotte, NC with 9+ years professional experience. He holds a bachelors degree in Computer Science and has been working remotely since 2012. He specializes in LAMP/LEMP stack development with Laravel and WordPress. Corey is the owner and principal consultant at Craft Blue, a custom web applications development consultancy. He's also the co-organizer of the Queen City PHP meetup group in Charlotte. He is an entrepreneur, blogger, open source contributor, beer lover, startup advocate, chicken wrangler, hydroponics gardening dabbler, and homebrewer.

Corey works with agencies, startups, and businesses.

Contact Corey to see how Craft Blue can help you.