I am working on a Laravel project and want to create my own 2-Factor-Authentication with One Time Passwords.
So I chose Spomky-Labs' otphp library and have some code like this:
```php
use OTPHP\TOTP;
use ParagonIE\ConstantTime\Base32;

$secretB32 = Base32::encode('slkopnucji6vl34utmehqla5mbkb4grvmet7uvs7dtnko6v4bqwhfk3v');
$otp = TOTP::createFromSecret($secretB32);
$otp->setDigest('sha1');
$otp->setPeriod(60);
$otp->setLabel('Project name');
$otp->setDigits(6);
// Echoes the provisioning URI to make a QR code from.
echo $otp->getProvisioningUri();
echo '<br /><br />';
// Echoes the six-digit One Time Password
echo $otp->now(); // Works with FreeOTP App but not with Microsoft Authenticator
```
The QR code resulting from the provisioning URI works perfectly fine with the FreeOTP App, but it does not work with the Microsoft Authenticator App which I'd prefer due to its way more professional look.
Microsoft Authenticator does not even recognize the 60 seconds period. I assume that I set up Spomky's lib incorrectly, especially the algorithm.
Did anyone make this work? Thanks in advance!
PS: I am open to any other PHP library as well.
The vast majority of OTP apps only support the default parameters of 6 digits, 30 seconds, SHA1 hash. FreeOTP is the only one I found that supported everything I threw at it, with 1Password a close second. Here is a grid I made a few years ago, showing all the combinations I tried.
If you don't mind requiring your users to use a specific OTP app, you can use values other than these defaults.
If you don't want to impose this restriction on your users, keep your parameters at 6 digits, 30 seconds, and SHA1 hash.
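Added example (not part of the answer above and not otphp code): a minimal RFC 6238 implementation in plain PHP that shows a server using a 60-second period next to an app that falls back to the 30-second default, plus a hypothetical helper `nonDefaultParams()` that flags provisioning-URI parameters deviating from the defaults the answer lists. The key, URI and timestamp are constructed sample values.

```php
<?php
// Added example: RFC 6238 TOTP in plain PHP (no library). Key, URI and timestamp are constructed.
function totp(string $key, int $time, int $period = 30, int $digits = 6, string $algo = 'sha1'): string
{
    // 8-byte big-endian counter = number of whole periods since the Unix epoch
    $counter = pack('J', intdiv($time, $period));
    $hmac = hash_hmac($algo, $counter, $key, true);
    // Dynamic truncation (RFC 4226): low nibble of the last byte selects the offset
    $offset = ord($hmac[strlen($hmac) - 1]) & 0x0f;
    $value = unpack('N', substr($hmac, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($value % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Hypothetical helper: list otpauth:// parameters that differ from SHA1 / 6 digits / 30 s.
function nonDefaultParams(string $uri): array
{
    $defaults = ['algorithm' => 'SHA1', 'digits' => '6', 'period' => '30'];
    parse_str((string) parse_url($uri, PHP_URL_QUERY), $query);
    $deviations = [];
    foreach ($defaults as $name => $default) {
        $value = strtoupper((string) ($query[$name] ?? $default));
        if ($value !== $default) {
            $deviations[$name] = $value;
        }
    }
    return $deviations;
}

$key = '12345678901234567890'; // RFC 6238 test key as raw bytes (not Base32)

// Self-check against the RFC 6238 SHA-1 test vector for T = 59 s, 8 digits.
if (totp($key, 59, 30, 8) !== '94287082') {
    throw new RuntimeException('TOTP implementation does not match RFC 6238');
}

$now    = 1700000045;            // constructed timestamp
$server = totp($key, $now, 60);  // server configured with a 60 s period, as in the question
$app    = totp($key, $now);      // app that ignores period=60 and uses the 30 s default
printf("server(60s)=%s app(30s)=%s match=%s\n", $server, $app, $server === $app ? 'yes' : 'no');

// Constructed provisioning URI carrying the question's parameters.
$uri = 'otpauth://totp/Project%20name?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&period=60&digits=6&algorithm=sha1';
echo json_encode(nonDefaultParams($uri)), "\n";
```

Running a check like `nonDefaultParams()` before a provisioning URI is issued makes it visible at enrollment time that the configuration depends on an app that honours those parameters.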