Provisioning Guide

Provisioning Guide#

Overview#

Provisioning is the process of preparing a secret and metadata for an authenticator client.

This package separates:

  • provisioning URI generation

  • QR payload generation

  • QR image rendering

  • URI parsing

Generating secrets#

For TOTP, HOTP, and OCRA, you can generate a new Base32 secret before building provisioning artifacts:

<?php
use Infocyph\OTP\HOTP;
use Infocyph\OTP\OCRA;
use Infocyph\OTP\TOTP;

$totpSecret = TOTP::generateSecret();
$hotpSecret = HOTP::generateSecret();
$ocraSharedKey = OCRA::generateSecret();

Provisioning URIs#

Generate a provisioning URI:

<?php
$uri = $totp->getProvisioningUri('[email protected]', 'Example App');

Render an SVG QR code:

<?php
$svg = $totp->getProvisioningUriQR('[email protected]', 'Example App');

Full TOTP QR example:

<?php
use Infocyph\OTP\TOTP;

$totp = (new TOTP($secret))
    ->setAlgorithm('sha256');

$svg = $totp->getProvisioningUriQR(
    '[email protected]',
    'Example App',
);

// return or embed the SVG in your setup page
echo $svg;

HOTP example:

<?php
$uri = $hotp->getProvisioningUri('[email protected]', 'Example App');

HOTP QR example:

<?php
use Infocyph\OTP\HOTP;

$hotp = (new HOTP($secret))
    ->setCounter(3)
    ->setAlgorithm('sha1');

$svg = $hotp->getProvisioningUriQR(
    '[email protected]',
    'Example App',
);

OCRA example:

<?php
$uri = $ocra->getProvisioningUri('[email protected]', 'Example App');

OCRA QR example:

<?php
use Infocyph\OTP\OCRA;

$ocra = new OCRA('OCRA-1:HOTP-SHA256-8:C-QN08-PSHA1', $sharedKey);
$svg = $ocra->getProvisioningUriQR(
    '[email protected]',
    'Example App',
);

Enrollment payloads#

<?php
$payload = $totp->getEnrollmentPayload(
    '[email protected]',
    'Example App',
    withQrSvg: true,
);

$payload->secret;
$payload->uri;
$payload->qrPayload;
$payload->qrSvg;

This is useful when your application wants to:

  • show a QR code in the UI

  • store the raw provisioning URI

  • return the same payload to a frontend or admin tool

Example:

<?php
$payload = $totp->getEnrollmentPayload(
    '[email protected]',
    'Example App',
    withQrSvg: true,
);

$secret = $payload->secret;
$uri = $payload->uri;
$svg = $payload->qrSvg;

// persist $secret securely, store $uri if desired, render $svg in setup UI

Parsing existing URIs#

<?php
use Infocyph\OTP\TOTP;

$parsed = TOTP::parseProvisioningUri($uri);

$parsed->type;
$parsed->secret;
$parsed->label;
$parsed->issuer;
$parsed->algorithm;
$parsed->digits;
$parsed->period;
$parsed->counter;
$parsed->ocraSuite;

Issuer and label behavior#

Label formatting is centralized to avoid malformed outputs such as duplicated issuer prefixes.

The provisioning layer:

  • normalizes issuers

  • safely formats labels

  • separates URI generation from QR rendering