The Wayback Machine - https://web.archive.org/web/20210722140926/https://github.com/xlzd/gotp
Skip to content

/ gotp

Golang OTP(One-Time Password) Library.

MIT License
255 stars 40 forks
Star
Notifications
master
Switch branches/tags
1 branch 0 tags
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

@xlzd
xlzd Merge from mergenchik/develop: Added TOTP expiration time stamp return
c8557ba Oct 30, 2018
Merge from mergenchik/develop: Added TOTP expiration time stamp return 
Added TOTP expiration time stamp return
c8557ba

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
example
 
 
.gitignore
 
 
.travis.yml
 
 
LICENSE
 
 
README.md
 
 
doc.go
 
 
hotp.go
 
 
hotp_test.go
 
 
otp.go
 
 
totp.go
 
 
totp_test.go
 
 
utils.go
 
 
utils_test.go
 
 
GOTP - The Golang One-Time Password Library Installation Usage Time-based OTPs Counter-based OTPs Generate random secret Google Authenticator Compatible Working example License

README.md

GOTP - The Golang One-Time Password Library

build-status MIT License

GOTP is a Golang package for generating and verifying one-time passwords. It can be used to implement two-factor (2FA) or multi-factor (MFA) authentication methods in anywhere that requires users to log in.

Open MFA standards are defined in RFC 4226 (HOTP: An HMAC-Based One-Time Password Algorithm) and in RFC 6238 (TOTP: Time-Based One-Time Password Algorithm). GOTP implements server-side support for both of these standards.

GOTP was inspired by PyOTP.

Installation

$ go get github.com/xlzd/gotp

Usage

Check API docs at https://godoc.org/github.com/xlzd/gotp

Time-based OTPs

totp := gotp.NewDefaultTOTP("4S62BZNFXXSZLCRO")
totp.Now()  // current otp '123456'
totp.At(1524486261)  // otp of timestamp 1524486261 '123456'

# OTP verified for a given timestamp
totp.Verify('492039', 1524486261)  // true
totp.Verify('492039', 1520000000)  // false

// generate a provisioning uri
totp.ProvisioningUri("demoAccountName", "issuerName")
// otpauth://totp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&issuer=issuerName

Counter-based OTPs

hotp := gotp.NewDefaultHOTP("4S62BZNFXXSZLCRO")
hotp.At(0)  // '944181'
hotp.At(1)  // '770975'

# OTP verified for a given timestamp
hotp.Verify('944181', 0)  // true
hotp.Verify('944181', 1)  // false

// generate a provisioning uri
hotp.ProvisioningUri("demoAccountName", "issuerName", 1)
// otpauth://hotp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&counter=1&issuer=issuerName

Generate random secret

secretLength := 16
gotp.RandomSecret(secretLength) // LMT4URYNZKEWZRAA

Google Authenticator Compatible

GOTP works with the Google Authenticator iPhone and Android app, as well as other OTP apps like Authy. GOTP includes the ability to generate provisioning URIs for use with the QR Code scanner built into these MFA client apps via otpObj.ProvisioningUri method:

gotp.NewDefaultTOTP("4S62BZNFXXSZLCRO").ProvisioningUri("demoAccountName", "issuerName")
// otpauth://totp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&issuer=issuerName


gotp.NewDefaultHOTP("4S62BZNFXXSZLCRO").ProvisioningUri("demoAccountName", "issuerName", 1)
// otpauth://hotp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&counter=1&issuer=issuerName

This URL can then be rendered as a QR Code which can then be scanned and added to the users list of OTP credentials.

Working example

Scan the following barcode with your phone's OTP app (e.g. Google Authenticator):

Demo

Now run the following and compare the output:

package main

import (
	"fmt"
	"github.com/xlzd/gotp"
)

func main() {
	fmt.Println("Current OTP is", gotp.NewDefaultTOTP("4S62BZNFXXSZLCRO").Now())
}

License

GOTP is licensed under the MIT License

About

Golang OTP(One-Time Password) Library.

Topics

golang otp

Resources

Readme

License

MIT License

Releases

No releases published

Packages

No packages published

Contributors 2

Languages