Flutter OTP Autofill

Pub Version Analyze License: MIT

A production-ready Flutter plugin for secure OTP (One-Time Password) autofill on Android and iOS.
This plugin uses the SMS Retriever API on Android and native Autofill on iOS to automatically read SMS codes without requiring SMS permissions (READ_SMS or RECEIVE_SMS).

🚀 Features

  • Zero Permissions: Protect user privacy by not reading their entire SMS inbox.
  • Android Support: Native implementation of the Google SMS Retriever API.
  • iOS Support: Native UITextField autofill integration (One Time Code).
  • Ready-to-use Widget: Drop-in OtpTextField widget for instant implementation.
  • Customizable: Supports custom code length, auto-focus, and styling.
Platform Verified Support Technology
Android SMS Retriever API
iOS Native textContentType = .oneTimeCode

📦 Installation

Add this to your pubspec.yaml:

dependencies:
  flutter_otp_autofill: ^0.0.1

Then run flutter pub get.

💻 Usage

Option 1: Using OtpTextField (Easiest)

The OtpTextField widget handles the entire lifecycle: starts listening when built, updates UI when code is received, and cleans up when disposed.

import 'package:flutter_otp_autofill/flutter_otp_autofill.dart';

// ... in your widget tree
OtpTextField(
  length: 6,             // Code length (4-8 digits)
  autoFocus: true,       // Open keyboard automatically
  onCompleted: (code) {
    print("Code received: $code");
    // Verify with your backend...
  },
)

Option 2: Custom Controller (Advanced)

If you have your own UI, you can use the static methods directly.

@override
void initState() {
  super.initState();
  FlutterOtpAutoFill.listen(
    codeLength: 6,
    onCodeReceived: (code) {
      // Do something with the code
    },
  );
}

@override
void dispose() {
  FlutterOtpAutoFill.stop();
  super.dispose();
}

🤖 Android Configuration

To use the SMS Retriever API (which allows reading only your OTP SMS), the message must follow this format:

  1. (Optional) Start with <#>.
  2. Be less than 140 bytes.
  3. End with your Application Hash.

Example SMS:

<#> Your verification code is 123456
H8k3/s+9d1l

Getting Your App Signature

The hash depends on your signing key (debug vs release). To find it easily during development:

String? signature = await FlutterOtpAutoFill.getAppSignature();
print("App Signature: $signature");

IMPORTANT: You will have a different hash for your Play Store release build. Make sure your server supports configuring the hash dynamically or can handle multiple hashes.

🍎 iOS Configuration

iOS autofill works "magically" via the OS.

  • The keyboard will detect "one time code" fields.
  • When an SMS arrives with words like "code" or "passcode", it appears above the keyboard.
  • User taps to fill.

No special SMS format or hash is needed for iOS.

❓ Troubleshooting

  • Android - Code not received?
    • Double check the App Signature at the end of the SMS.
    • Ensure the code inside the SMS matches the codeLength (default 6 digits).
  • iOS - Suggestion not appearing?
    • Tap the field to focus it.
    • Ensure the SMS content looks like a standard OTP message.

📄 License

MIT License. See LICENSE for details.

Libraries

flutter_otp_autofill
flutter_otp_autofill_method_channel
flutter_otp_autofill_platform_interface
otp_text_field