yubico

package
v0.0.0-...-8b70b2c

This package is not in the latest version of its module.

Published: Mar 23, 2023 License: Unlicense Imports: 20 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var YubiCloudServers = []string{
	"https://api.yubico.com/wsapi/2.0/verify",
	"https://api2.yubico.com/wsapi/2.0/verify",
	"https://api3.yubico.com/wsapi/2.0/verify",
	"https://api4.yubico.com/wsapi/2.0/verify",
	"https://api5.yubico.com/wsapi/2.0/verify",
}

YubiCloudServers lists the Yubico servers that know about your factory-configured YubiKey slot #1.

Functions

func APIEnvironment

func APIEnvironment() (clientID string, secretKey string, err error)

APIEnvironment reads the well-known environment variables YUBICO_API_CLIENT_ID and YUBICO_API_SECRET_KEY to get your Yubico client API credentials. Note that YUBICO_API_SECRET_KEY must be base64-encoded.

func WithAPICreds

func WithAPICreds(id string, apikeyB64 string) func(y *YubiClient)

WithAPICreds is an optional argument to NewYubiClient that specifies the Yubico API credentials. The apikeyB64 value must be base64-encoded, as it is provided by the Yubico API Key Signup.

func WithAPIEnvironment

func WithAPIEnvironment() func(y *YubiClient)

WithAPIEnvironment is an optional argument to NewYubiClient that reads the Yubico API credentials from the environment variables YUBICO_API_CLIENT_ID and YUBICO_API_SECRET_KEY.

func WithAPIServers

func WithAPIServers(servers []string) func(y *YubiClient)

WithAPIServers is an optional argument to NewYubiClient that specifies the Yubico API servers. The default is to use the manifest definitions.

Types

type VerifyRequest

type VerifyRequest struct {
	ID        string // Required Yubico Client ID associated with API key
	OTP       string // Required OTP to validate
	H         string // Optional HMAC-SHA1 signature for the request.
	Timestamp bool   // Optional; when set, the server provides timestamp and session counter info in the response
	Nonce     string // Required 16 to 40 character long string with random unique data
	SL        string // Optional value 0 to 100 indicating percentage of syncing required by client, or strings "fast" or "secure" to use server-configured values; if absent, let the server decide
	Timeout   int    // Optional number of seconds to wait for sync responses; if absent, let the server decide
}

VerifyRequest is a request to verify an OTP.

type VerifyResponse

type VerifyResponse struct {
	// OTP one time password from the YubiKey, from request
	OTP string
	// Nonce is a random unique data, from request
	Nonce string
	// H Signature
	H []byte
	// T timestamp in UTC
	T time.Time
	// Status is the status of the operation
	Status common.Status
	// Timestamp YubiKey internal timestamp value when key was pressed
	Timestamp uint
	// SessionCounter YubiKey internal usage counter when key was pressed
	SessionCounter uint
	// SessionUse YubiKey internal session usage counter when key was pressed
	SessionUse uint
	// SL percentage of external validation servers that replied successfully (0 to 100)
	SL int
}

VerifyResponse is the response from a Yubico verify request.
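
The H fields of VerifyRequest and VerifyResponse carry an HMAC-SHA1 signature keyed with the base64-decoded API secret. The sketch below is an added example, not this package's code: it follows the signing rule of the Yubico validation protocol 2.0 (parameters sorted by key, joined with &), and the names sign and checkResponse, the key, the OTP and the nonce are all constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// sign returns the base64 HMAC-SHA1 over the parameters as sorted k=v pairs joined by "&".
func sign(params map[string]string, key []byte) string {
	var pairs []string
	for k, v := range params {
		if k != "h" { // the signature never covers itself
			pairs = append(pairs, k+"="+v)
		}
	}
	sort.Strings(pairs) // equals sorting by key for the protocol's lowercase names
	mac := hmac.New(sha1.New, key)
	mac.Write([]byte(strings.Join(pairs, "&")))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// checkResponse verifies h, then that otp and nonce echo the request, then the status.
func checkResponse(body string, key []byte, otp, nonce string) error {
	fields := map[string]string{}
	for _, line := range strings.Split(body, "\n") {
		if k, v, ok := strings.Cut(strings.TrimSpace(line), "="); ok {
			fields[k] = v // Cut splits on the first "=", so base64 padding in h survives
		}
	}
	if !hmac.Equal([]byte(fields["h"]), []byte(sign(fields, key))) {
		return fmt.Errorf("response signature mismatch")
	}
	if fields["otp"] != otp || fields["nonce"] != nonce {
		return fmt.Errorf("otp or nonce differs from request")
	}
	if fields["status"] != "OK" {
		return fmt.Errorf("status %q", fields["status"])
	}
	return nil
}

func main() {
	key, _ := base64.StdEncoding.DecodeString("Y29uc3RydWN0ZWQta2V5") // constructed key
	fmt.Println(sign(map[string]string{"id": "1", "nonce": "constructednonce0001", "otp": "constructed-otp"}, key))
}
```

Checking the signature before reading status matters: an unauthenticated status=OK line proves nothing, and a correctly signed response for a different OTP or nonce must still be rejected.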

func VerifyDefault

func VerifyDefault(otp string) (*VerifyResponse, error)

VerifyDefault is a helper for a one-shot OTP validation using default values.

You may prefer to use NewYubiClient() if you will be validating more than one OTP.

type YubiClient

type YubiClient struct {
	// contains filtered or unexported fields
}

YubiClient holds the Yubico API key info.

func NewTestYubiClient

func NewTestYubiClient(server string) (*YubiClient, error)

NewTestYubiClient is a test suite function.

func NewYubiClient

func NewYubiClient(options ...func(client *YubiClient)) (ry *YubiClient, rerr error)

NewYubiClient creates a new YubiCloud client to verify future tokens.

Options may be any of the With*() functions, e.g. WithAPIEnvironment().

You must use your own client ID and API key to use Yubico's servers. Refer to APIEnvironment().

See [Obtain a Yubico API Key]: https://support.yubico.com/hc/en-us/articles/360013717560-Obtaining-an-API-Key-for-YubiKey-Development

func (*YubiClient) Verify

func (y *YubiClient) Verify(req *VerifyRequest) (*VerifyResponse, error)

Verify performs a generic verify request. See VerifyDefault() for convenience.

func (*YubiClient) VerifyOTP

func (y *YubiClient) VerifyOTP(otp string) (*VerifyResponse, error)

VerifyOTP formats and makes a request to validate an OTP against the Yubico API. If the OTP could not be validated for any reason, an error is returned.
