otp/README.md

# otp

Go library for generating and using One Time Passwords. Supports both HOTP ([RFC4226](https://tools.ietf.org/html/rfc4226)) and TOTP ([RFC6238](https://tools.ietf.org/html/rfc6238)). Can be used for both server and client roles.

[![GoDoc](https://godoc.org/dev.justinjudd.org/justin/otp?status.svg)](https://godoc.org/dev.justinjudd.org/justin/otp)

## Examples

### OTP Server

    import (
      "dev.justinjudd.org/justin/otp"
    )

    var Issuer = "example.com"

    func CreateKeyForUser(user string) {

      opts := otp.NewHOTPKeyOptions()
      opts.Issuer = Issuer
      opts.Label = user
      key := otp.NewHOTPKey(opts)

      keyURL := key.URL()
      Store(user, keyURL)

      // Provide the URL to the customer so they can include it in their 2FA client.
      // Can email URL, or present QR code encoding of the URL
    }

    // Store this string variable in your database
    func Store(user, url string) {

    }

    // Retrieve the url string variable from your database
    func GetURL(user string) string {
      return ""
    }

    func CheckUsersCode(user string, code string) (bool, error) {
      keyURL := GetURL(user)

      key, err := otp.FromURL(keyURL)
      if err != nil {
        return false, err
      }

      // Ensure you are using the correct key
      if key.Label() != user {
        return false, nil
      }

      success := key.Verify(code)

      // Counter has been updated, update this info in the database
      // Don't need this step for TOTP keys as the counter is time-based
      keyURL = key.URL()

      return success, nil
    }


### OTP Client

    import (
      "dev.justinjudd.org/justin/otp"
    )

    // Just an example for storing OTP keys on the client
    var keys map[Key]string


    // Key is used as keys for the otp key storing map
    type Key struct {
    	Issuer, Label string
    }

    func GetCode(issuer, username string) (string, error) {

      mapKey := Key{issuer, username}

      // Get the stored Key URL
      keyURL, ok := keys[mapKey]
      if !ok {
        return "", nil
      }

      // Build the key from the URL
      key, err := otp.FromURL(keyURL)
      if err != nil {
        return "", err
      }

      // Verify Issuer and Label are correct
      if key.Issuer() != issuer || key.Label() != username {
        return "", nil
      }

      code := key.OTP()

      // If using HOTP, than need to save the state
      keyURL = key.URL()
      keys[mapKey]= keyURL

      return code, nil
    }
initial commit 2015-11-28 15:26:18 +00:00			`# otp`

Adding otp code and updated README. 2016-01-10 23:03:04 +00:00			`Go library for generating and using One Time Passwords. Supports both HOTP ([RFC4226](https://tools.ietf.org/html/rfc4226)) and TOTP ([RFC6238](https://tools.ietf.org/html/rfc6238)). Can be used for both server and client roles.`

			`[![GoDoc](https://godoc.org/dev.justinjudd.org/justin/otp?status.svg)](https://godoc.org/dev.justinjudd.org/justin/otp)`

			`## Examples`

			`### OTP Server`

			`import (`
			`"dev.justinjudd.org/justin/otp"`
			`)`

			`var Issuer = "example.com"`

			`func CreateKeyForUser(user string) {`

			`opts := otp.NewHOTPKeyOptions()`
			`opts.Issuer = Issuer`
			`opts.Label = user`
			`key := otp.NewHOTPKey(opts)`

			`keyURL := key.URL()`
Updating some of the examples. 2016-01-11 00:56:15 +00:00			`Store(user, keyURL)`
Adding otp code and updated README. 2016-01-10 23:03:04 +00:00
			`// Provide the URL to the customer so they can include it in their 2FA client.`
			`// Can email URL, or present QR code encoding of the URL`
			`}`

Updating some of the examples. 2016-01-11 00:56:15 +00:00			`// Store this string variable in your database`
			`func Store(user, url string) {`

			`}`

			`// Retrieve the url string variable from your database`
			`func GetURL(user string) string {`
			`return ""`
			`}`

Adding otp code and updated README. 2016-01-10 23:03:04 +00:00			`func CheckUsersCode(user string, code string) (bool, error) {`
Updating some of the examples. 2016-01-11 00:56:15 +00:00			`keyURL := GetURL(user)`
Adding otp code and updated README. 2016-01-10 23:03:04 +00:00
			`key, err := otp.FromURL(keyURL)`
			`if err != nil {`
			`return false, err`
			`}`

			`// Ensure you are using the correct key`
Updating some of the examples. 2016-01-11 00:56:15 +00:00			`if key.Label() != user {`
Adding otp code and updated README. 2016-01-10 23:03:04 +00:00			`return false, nil`
			`}`

			`success := key.Verify(code)`

			`// Counter has been updated, update this info in the database`
			`// Don't need this step for TOTP keys as the counter is time-based`
			`keyURL = key.URL()`

Updating some of the examples. 2016-01-11 00:56:15 +00:00			`return success, nil`
Adding otp code and updated README. 2016-01-10 23:03:04 +00:00			`}`


Updating some of the examples. 2016-01-11 00:56:15 +00:00
Adding otp code and updated README. 2016-01-10 23:03:04 +00:00			`### OTP Client`

			`import (`
			`"dev.justinjudd.org/justin/otp"`
			`)`

			`// Just an example for storing OTP keys on the client`
			`var keys map[Key]string`


			`// Key is used as keys for the otp key storing map`
			`type Key struct {`
			`Issuer, Label string`
			`}`

			`func GetCode(issuer, username string) (string, error) {`

			`mapKey := Key{issuer, username}`

			`// Get the stored Key URL`
			`keyURL, ok := keys[mapKey]`
			`if !ok {`
			`return "", nil`
			`}`

			`// Build the key from the URL`
			`key, err := otp.FromURL(keyURL)`
			`if err != nil {`
			`return "", err`
			`}`

			`// Verify Issuer and Label are correct`
Updating some of the examples. 2016-01-11 00:56:15 +00:00			`if key.Issuer() != issuer \|\| key.Label() != username {`
Adding otp code and updated README. 2016-01-10 23:03:04 +00:00			`return "", nil`
			`}`

			`code := key.OTP()`

			`// If using HOTP, than need to save the state`
			`keyURL = key.URL()`
			`keys[mapKey]= keyURL`

			`return code, nil`
			`}`