OTP (One Time Password) utility in Java

Jotp

OTP (One Time Password) utility in Java, for enabling two-factor authentication (2FA) using HMAC-based or time-based algorithms.

Getting Started

Maven:

<repositories>
    <repository>
        <id>jcenter</id>
        <url>https://jcenter.bintray.com/</url>
    </repository>
</repositories>

<dependency>
    <groupId>com.amdelamar</groupId>
    <artifactId>jotp</artifactId>
    <version>1.2.0</version>
</dependency>

Gradle:

repositories {
    jcenter()
}

dependencies {
    compile 'com.amdelamar:jotp:1.2.0'
}

Or download the latest release. Published on JCenter.

Usage

import com.amdelamar.jotp.OTP;
import com.amdelamar.jotp.type.Type;

// Random secret Base32 with 20 bytes (160 bits) length
// (Use this to setup 2FA for new accounts).
String secret = OTP.randomBase32(20);
// Returns: IM4ZL3G5Q66KW4U7PMOQVXQQH3NGOCHQ

// Generate a Time-based OTP from the secret, using Unix-time
// rounded down to the nearest 30 seconds.
String code = OTP.create(secret, OTP.timeInHex(), 6, Type.TOTP);

Show the user the QR Code 1

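The easiest way to do this is through Google APIs, but I plan to add a 'generateImage()' function soon. Note that the chart URL carries the otpauth:// URI, including the secret, to the chart service.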

QR Image Example https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl=otpauth://totp/Example:hello@example.com?secret=IM4ZL3G5Q66KW4U7PMOQVXQQH3NGOCHQ&issuer=Example&algorithm=SHA1&digits=6&period=30

After the user scans the image with their mobile app, we can compare codes.

// Get User's input code for a login...
String userEnteredCode = "123456";

// Verify OTP
if(OTP.verify(secret, userEnteredCode, 6, Type.TOTP)) {
    // Code valid. Login successful.
}

Details

This code currently supports the standard HMAC-based (HOTP RFC 4226) and time-based (TOTP RFC 6238) algorithms for one-time passwords.

It was started as an easy way to enable 2-Factor Authentication for Java based web applications, but it can be applied to other Java applications as well.

Contribute

A project by Austin Delamar based off of Kamron Zafar's work and other contributors.

If you'd like to contribute, feel free to fork and make changes, then open a pull request to the master branch.

License

Apache 2.0

1 QR code standard is trademarked by Denso Wave, Inc.