Add 2FA to your Laravel Application using Hydro Raindrop

Hydro Raindrop

Hydro Raindrop was built to protect against phishing, hacking, and illegal attempts to access your clients’ data. Hydro has easy to implement APIs and a beautiful mobile app available for your users on Android and iOS. The best part is, the integration is 100% FREE for you and your users!

Read more about Hydro Raindrop


  • PHP 7.1
  • Laravel 5.8
  • The Hydro App (iOS or Android)


This package allows developers to integrate a second layer of security (Multi Factor Authentication) to their apps.


Before you can use the service, you need to create a developer account at You can create a new application to obtain a Client ID, Client Secret and Application ID.

By default you can use the Sandbox environment, you can apply for a production environment any time through the website.


Install the package using the following composer command:

composer require adrenth/laravel-hydro-raindrop 

Install assets

Publish the public assets:

php artisan vendor:publish --tag=public --force 

Install configuration

Publish the configuration file app/hydro-raindrop.php:

php artisan vendor:publish --tag=config 

Authentication Routes (optional)

To add Laravels’ default Authentication routes, execute this command:

php artisan make:auth 

Please see the official documentation on this subject:

Environment configuration

Add the environment variables to your .env.example file:


Don’t commit sensitive information to your repositories. Your .env file should contain the actual credentials and should be ignored by Git.

Look for the app/raindrop.php file and review the configuration.

After changing you configuration, don’t forget to run the following command which clears the configuration cache.

php artisan config:cache 

Run database migrations

Run the database migrations.

php artisan migrate 

This will add the column hydro_id, hydro_raindrop_enabled and hydro_raindrop_confirmed to the users database table (table name is configurable, check config/raindrop.php).


Add the raindrop middleware to the App/Http/Kernel:

protected $routeMiddleware = [ // .. 'hydro-raindrop' => \Adrenth\LaravelHydroRaindrop\Middleware::class ]; 


Now add the raindrop middleware to the routes you’d like to protect with Hydro Raindrop MFA.

Route::get('/admin', function () { return view('admin.index'); })->middleware(['auth', 'hydro-raindrop']); 

Note that the hydro-raindrop middleware only works with an authenticated session. So it should be used in combination with the auth middleware.

Throttling / Lockout after x attempts

Unless you need something really fancy, you can probably use Laravel’s route throttle middleware for that:

Route::get('/admin', function () { return view('admin.index'); })->middleware(['auth', 'hydro-raindrop', 'throttle']); 

Overriding Package Views

It is possible to override the views provided by this package.

Please see the (Laravel documentation page)[] about overriding views.


The UserHelper class can be used when developers want to create their own interface for handling the HydroID and enabling/disabling the MFA security layer.

Console commands

Command Description
hydro-raindrop:reset-hydro {user} Reset Hydro Raindrop MFA for user.
hydro-raindrop:transfer-hydro {userA} {userB} Transfer Hydro Raindrop MFA from user to another user.
hydro-raindrop:unblock-user {user} Unblock given user which was blocked due too many failed MFA attempts.


Event Payload Description
UserIsBlocked $user Fired after a user has been blocked duu too many failed MFA attempts.
UserLoginIsBlocked $user Fired after a login but before the authentication session is destroyed.
UserMfaSessionStarted $user Fired when MFA session is being started.
SignatureFailed $user Fired when the MFA signature failed i.e. user enters invalid MFA message.
SignatureVerified $user Fired when MFA signature is correct i.e. user enters valid MFA message.
HydroIdAlreadyMapped $user, $hydroId Fired when the HydroID is already mapped to the application by any user.
HydroIdDoesNotExist $user, $hydroId Fired after the HydroID has been sent to the API and the HydroID cannot be found.
HydroIdRegistered $user, $hydroId Fired when HydroID is successfully registered.
HydroIdRegistrationFailed $user, $hydroId Fired when HydroID registration failed after calling the API. API Error.

Further reading

For more info on Hydro or MFA and how it’s changing the world, check out the following:

Looking for a drop-in solution? Hydro Raindrop is also available for the following Content Management Systems:

via Laravel News Links
Add 2FA to your Laravel Application using Hydro Raindrop