Skip to content
This repository has been archived by the owner. It is now read-only.

Yubico/yubico-java-client

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
doc
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

yubico-java-client

Note
This project is deprecated and is no longer being maintained. For more information and guidance on how to implement Yubico OTP support in applications, see https://status.yubico.com/2021/04/15/one-api-yubico-com-one-http-get/.

Build Status

This repository contains a Java library with an accompanying demo server, as well as a JAAS module, to validate YubiKey OTPs (One-Time Passwords).

By default, this library uses the Yubico YubiCloud validation platform, but it can be configured for another validation server.

Note
For more details on how to use a YubiKey OTP library, visit developers.yubico.com/OTP.

Usage

Add this to your pom.xml:

 <dependency>
   <groupId>com.yubico</groupId>
   <artifactId>yubico-validation-client2</artifactId>
   <version>3.0.5</version>
 </dependency>
// clientId and secretKey are retrieved from https://upgrade.yubico.com/getapikey
YubicoClient client = YubicoClient.getClient(clientId, secretKey);

// otp is the OTP from the YubiKey
VerificationResponse response = client.verify(otp);
assert response.isOk();

After validating the OTP you should make sure that the publicId part belongs to the correct user. For example:

YubicoClient.getPublicId(otp)
    .equals(/* Yubikey ID associated with the user */);

For a complete example, see the demo server.

Logging

The validation client depends on slf4j-api for logging. To get the actual logs and not receive warnings on System.out you will need to depend on a slf4j logger binding, for example slf4j-log4j with the following Maven configuration:

 <dependency>
  <groupId>org.slf4j</groupId>
  <artifactId>slf4j-log4j</artifactId>
  <version>1.6.1</version>
 </dependency>

Read more

For more complete descriptions of methods and failure states, please see the JavaDoc.

About

Client library for verifying YubiKey one-time passwords (OTPs).

Resources

License

Stars

Watchers

Forks

Packages

No packages published