承接 asernum/sdk-client-asafe 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

asernum/sdk-client-asafe

Composer 安装命令:

composer require asernum/sdk-client-asafe

包简介

TOTP (RFC 6238) / Asafe compatible 2FA helper.

README 文档

README

TOTP (RFC 6238) library for generating and verifying one-time codes, compatible with Asafe and other TOTP-compatible authenticator apps.

Installation

composer require asernum/sdk-client-asafe

Usage

Basic example

<?php

require __DIR__ . '/vendor/autoload.php';

use Asafe2FA\Asafe2FA;

$a2fa = new Asafe2FA();

// Generate a secret key (base32)
$secret = $a2fa->generateSecret();

// Create the OTP Auth URL for QR code scanning
$url = $a2fa->getOtpAuthUrl("alice@example.com", "MyCompany", $secret);

// Get the current OTP code
$otp = $a2fa->getCurrentOtp($secret);

// Verify the OTP code
$ok = $a2fa->verifyKey($secret, $otp, 1);

Understanding the window parameter

The window parameter in verifyKey() allows for a small time drift. TOTP codes change every 30 seconds (by default); a clock difference between the server and the user's device can cause verification to fail.

Behavior:

  • window = 0: accepts only the code for the current period
  • window = 1 (default): accepts codes for the current, previous, and next period (±30 seconds)
  • window = 2: accepts codes over ±2 periods (±60 seconds)

Example:

// Strict verification - current code only
$strict = $a2fa->verifyKey($secret, $userInput, 0);

// Default - ±30 second tolerance (recommended)
$normal = $a2fa->verifyKey($secret, $userInput, 1);

// More lenient - ±60 second tolerance
$lenient = $a2fa->verifyKey($secret, $userInput, 2);

When to use which value:

  • window = 0: maximum security (but may fail if clocks are out of sync)
  • window = 1: general use (good balance of security and usability)
  • window = 2 or more: when clocks may be poorly synchronized

API

generateSecret(length?: int): string

Generates a random secret key encoded in base32.

  • length: optional. Number of characters (default: 32, ~160 bits)

getOtpAuthUrl(account: string, issuer: string, secret: string): string

Creates an otpauth:// URL compatible with Asafe and other TOTP apps.

  • account: user identifier (e.g. email address)
  • issuer: service name (e.g. "MyCompany")
  • secret: secret key from generateSecret()

getCurrentOtp(secret: string, options?: array): string

Generates the current TOTP code for the given secret.

  • secret: the secret key
  • options: optional TOTP configuration (period, digits, algorithm)

verifyKey(secret: string, token: string, window?: int, options?: array): bool

Verifies whether a TOTP token is valid.

  • secret: the secret key
  • token: the OTP code to verify (user input)
  • window: optional. Time tolerance in periods (default: 1). See Understanding the window parameter above
  • options: optional TOTP configuration
  • Returns: true if the token is valid, false otherwise

License

MIT

asernum/sdk-client-asafe 适用场景与选型建议

asernum/sdk-client-asafe 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 93 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 02 月 19 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 asernum/sdk-client-asafe 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 asernum/sdk-client-asafe 我们能提供哪些服务?
定制开发 / 二次开发

基于 asernum/sdk-client-asafe 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 93
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 33
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-02-19