Documentation ¶
Overview ¶
Package otp implements both HOTP and TOTP based one time passcodes in a Google Authenticator compatible manner.
When adding a TOTP for a user, you must store the "secret" value persistently. It is recommend to store the secret in an encrypted field in your datastore. Due to how TOTP works, it is not possible to store a hash for the secret value like you would a password.
To enroll a user, you must first generate an OTP for them. Google Authenticator supports using a QR code as an enrollment method:
import ( "git.sr.ht/~pingoo/stdx/otp/totp" "bytes" "image/png" ) key, err := totp.Generate(totp.GenerateOpts{ Issuer: "Example.com", AccountName: "alice@example.com", }) // Convert TOTP key into a QR code encoded as a PNG image. var buf bytes.Buffer img, err := key.Image(200, 200) png.Encode(&buf, img) // display the QR code to the user. display(buf.Bytes()) // Now Validate that the user's successfully added the passcode. passcode := promptForPasscode() valid := totp.Validate(passcode, key.Secret()) if valid { // User successfully used their TOTP, save it to your backend! storeSecret("alice@example.com", key.Secret()) }
Validating a TOTP passcode is very easy, just prompt the user for a passcode and retrieve the associated user's previously stored secret.
import "git.sr.ht/~pingoo/stdx/otp/totp" passcode := promptForPasscode() secret := getSecret("alice@example.com") valid := totp.Validate(passcode, secret) if valid { // Success! continue login process. }
Index ¶
- Variables
- type Algorithm
- type Digits
- type Key
- func (k *Key) AccountName() string
- func (k *Key) Algorithm() Algorithm
- func (k *Key) Digits() Digits
- func (k *Key) Issuer() string
- func (k *Key) Period() uint64
- func (k *Key) QrCode(width int, height int) (image.Image, error)
- func (k *Key) Secret() string
- func (k *Key) String() string
- func (k *Key) Type() string
- func (k *Key) URL() string
Constants ¶
This section is empty.
Variables ¶
var ErrGenerateMissingAccountName = errors.New("AccountName must be set")
When generating a Key, the Account Name must be set.
var ErrGenerateMissingIssuer = errors.New("Issuer must be set")
When generating a Key, the Issuer must be set.
var ErrValidateInputInvalidLength = errors.New("Input length unexpected")
The user provided passcode length was not expected.
var ErrValidateSecretInvalidBase32 = errors.New("Decoding of secret as base32 failed.")
Error when attempting to convert the secret from base32 to raw bytes.
Functions ¶
This section is empty.
Types ¶
type Algorithm ¶
type Algorithm int
Algorithm represents the hashing function to use in the HMAC operation needed for OTPs.
const ( // AlgorithmSHA1 should be used for compatibility with Google Authenticator. // // See https://git.sr.ht/~pingoo/stdx/otp/issues/55 for additional details. AlgorithmSHA1 Algorithm = iota AlgorithmSHA256 AlgorithmSHA512 AlgorithmMD5 )
type Digits ¶
type Digits int
Digits represents the number of digits present in the user's OTP passcode. Six and Eight are the most common values.
type Key ¶
type Key struct {
// contains filtered or unexported fields
}
Key represents an TOTP or HTOP key.
func NewKeyFromURL ¶
NewKeyFromURL creates a new Key from an TOTP or HOTP url.
The URL format is documented here:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format
func (*Key) AccountName ¶
AccountName returns the name of the user's account.