otp

Go library for generating and using One Time Passwords. Supports both HOTP (RFC4226) and TOTP (RFC6238). Can be used for both server and client roles.

Examples

OTP Server

import (
  "dev.justinjudd.org/justin/otp"
)

var Issuer = "example.com"

func CreateKeyForUser(user string) {

  opts := otp.NewHOTPKeyOptions()
  opts.Issuer = Issuer
  opts.Label = user
  key := otp.NewHOTPKey(opts)

  keyURL := key.URL()
  Store(user, keyURL)

  // Provide the URL to the customer so they can include it in their 2FA client.
  // Can email URL, or present QR code encoding of the URL
}

// Store this string variable in your database
func Store(user, url string) {

}

// Retrieve the url string variable from your database
func GetURL(user string) string {
  return ""
}

func CheckUsersCode(user string, code string) (bool, error) {
  keyURL := GetURL(user)

  key, err := otp.FromURL(keyURL)
  if err != nil {
    return false, err
  }

  // Ensure you are using the correct key
  if key.Label() != user {
    return false, nil
  }

  success := key.Verify(code)

  // Counter has been updated, update this info in the database
  // Don't need this step for TOTP keys as the counter is time-based
  keyURL = key.URL()

  return success, nil
    }

OTP Client

import (
  "dev.justinjudd.org/justin/otp"
)

// Just an example for storing OTP keys on the client
var keys map[Key]string


// Key is used as keys for the otp key storing map
type Key struct {
	Issuer, Label string
}

func GetCode(issuer, username string) (string, error) {

  mapKey := Key{issuer, username}

  // Get the stored Key URL
  keyURL, ok := keys[mapKey]
  if !ok {
    return "", nil
  }

  // Build the key from the URL
  key, err := otp.FromURL(keyURL)
  if err != nil {
    return "", err
  }

  // Verify Issuer and Label are correct
  if key.Issuer() != issuer || key.Label() != username {
    return "", nil
  }

  code := key.OTP()

  // If using HOTP, than need to save the state
  keyURL = key.URL()
  keys[mapKey]= keyURL

  return code, nil
}