Package otp

import (
	"github.com/pquerna/otp/totp"

	"bytes"
	"image/png"
)

key, err := totp.Generate(totp.GenerateOpts{
		Issuer: "Example.com",
		AccountName: "alice@example.com",
})

// Convert TOTP key into a QR code encoded as a PNG image.
var buf bytes.Buffer
img, err := key.Image(200, 200)
png.Encode(&buf, img)

// display the QR code to the user.
display(buf.Bytes())

// Now Validate that the user's successfully added the passcode.
passcode := promptForPasscode()
valid := totp.Validate(passcode, key.Secret())

if valid {
	// User successfully used their TOTP, save it to your backend!
	storeSecret("alice@example.com", key.Secret())
}

import "github.com/pquerna/otp/totp"

passcode := promptForPasscode()
secret := getSecret("alice@example.com")

valid := totp.Validate(passcode, secret)

if valid {
	// Success! continue login process.
}

Variables

When generating a Key, the Account Name must be set.

var ErrGenerateMissingAccountName = errors.New("AccountName must be set")

When generating a Key, the Issuer must be set.

var ErrGenerateMissingIssuer = errors.New("Issuer must be set")

The user provided passcode length was not expected.

var ErrValidateInputInvalidLength = errors.New("Input length unexpected")

Error when attempting to convert the secret from base32 to raw bytes.

var ErrValidateSecretInvalidBase32 = errors.New("Decoding of secret as base32 failed.")

type Algorithm ¶

Algorithm represents the hashing function to use in the HMAC operation needed for OTPs.

type Algorithm int

const (
    // AlgorithmSHA1 should be used for compatibility with Google Authenticator.
    //
    // See https://github.com/pquerna/otp/issues/55 for additional details.
    AlgorithmSHA1 Algorithm = iota
    AlgorithmSHA256
    AlgorithmSHA512
    AlgorithmMD5
)

func (Algorithm) Hash ¶

func (a Algorithm) Hash() hash.Hash

func (Algorithm) String ¶

func (a Algorithm) String() string

type Digits ¶

Digits represents the number of digits present in the user's OTP passcode. Six and Eight are the most common values.

type Digits int

const (
    DigitsSix   Digits = 6
    DigitsEight Digits = 8
)

func (Digits) Format ¶

func (d Digits) Format(in int32) string

Format converts an integer into the zero-filled size for this Digits.

func (Digits) Length ¶

func (d Digits) Length() int

Length returns the number of characters for this Digits.

func (Digits) String ¶

func (d Digits) String() string

type Key ¶

Key represents an TOTP or HTOP key.

type Key struct {
    // contains filtered or unexported fields
}

func NewKeyFromURL ¶

func NewKeyFromURL(orig string) (*Key, error)

NewKeyFromURL creates a new Key from an TOTP or HOTP url.

The URL format is documented here:

https://github.com/google/google-authenticator/wiki/Key-Uri-Format

func (*Key) AccountName ¶

func (k *Key) AccountName() string

AccountName returns the name of the user's account.

func (*Key) Image ¶

func (k *Key) Image(width int, height int) (image.Image, error)

Image returns an QR-Code image of the specified width and height, suitable for use by many clients like Google-Authenricator to enroll a user's TOTP/HOTP key.

func (*Key) Issuer ¶

func (k *Key) Issuer() string

Issuer returns the name of the issuing organization.

func (*Key) Period ¶

func (k *Key) Period() uint64

Period returns a tiny int representing the rotation time in seconds.

func (*Key) Secret ¶

func (k *Key) Secret() string

Secret returns the opaque secret for this Key.

func (*Key) String ¶

func (k *Key) String() string

func (*Key) Type ¶

func (k *Key) Type() string

Type returns "hotp" or "totp".

func (*Key) URL ¶

func (k *Key) URL() string

URL returns the OTP URL as a string

Subdirectories