12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 |
- /**
- * Copyright 2014 Paul Querna
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
- // Package otp implements both HOTP and TOTP based
- // one time passcodes in a Google Authenticator compatible manner.
- //
- // When adding a TOTP for a user, you must store the "secret" value
- // persistently. It is recommend to store the secret in an encrypted field in your
- // datastore. Due to how TOTP works, it is not possible to store a hash
- // for the secret value like you would a password.
- //
- // To enroll a user, you must first generate an OTP for them. Google
- // Authenticator supports using a QR code as an enrollment method:
- //
- // import (
- // "github.com/pquerna/otp/totp"
- //
- // "bytes"
- // "image/png"
- // )
- //
- // key, err := totp.Generate(totp.GenerateOpts{
- // Issuer: "Example.com",
- // AccountName: "alice@example.com",
- // })
- //
- // // Convert TOTP key into a QR code encoded as a PNG image.
- // var buf bytes.Buffer
- // img, err := key.Image(200, 200)
- // png.Encode(&buf, img)
- //
- // // display the QR code to the user.
- // display(buf.Bytes())
- //
- // // Now Validate that the user's successfully added the passcode.
- // passcode := promptForPasscode()
- // valid := totp.Validate(passcode, key.Secret())
- //
- // if valid {
- // // User successfully used their TOTP, save it to your backend!
- // storeSecret("alice@example.com", key.Secret())
- // }
- //
- // Validating a TOTP passcode is very easy, just prompt the user for a passcode
- // and retrieve the associated user's previously stored secret.
- // import "github.com/pquerna/otp/totp"
- //
- // passcode := promptForPasscode()
- // secret := getSecret("alice@example.com")
- //
- // valid := totp.Validate(passcode, secret)
- //
- // if valid {
- // // Success! continue login process.
- // }
- package otp
|