Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

Jotp

Build Codecov

OTP (One Time Password) utility in Java. To enable two-factor authentication (2FA) using HMAC-based or Time-based algorithms.

Download

Maven:

<repositories>
    <repository>
        <id>jcenter</id>
        <url>https://jcenter.bintray.com/</url>
    </repository>
</repositories>

<dependency>
    <groupId>com.amdelamar</groupId>
    <artifactId>jotp</artifactId>
    <version>1.3.0</version>
</dependency>

Gradle:

repositories {
    jcenter()
}

dependencies {
    compile 'com.amdelamar:jotp:1.3.0'
}

SBT:

resolvers += {
  Resolver.jcenterRepo
}

libraryDependencies ++= Seq(
  "com.amdelamar" % "jotp" % "1.3.0"
)

Or Download the latest release. Published on JCenter.

Usage

import com.amdelamar.jotp.OTP;
import com.amdelamar.jotp.type.Type;

// Random secret Base32 with 20 bytes (160 bits) length
// (Use this to setup 2FA for new accounts).
String secret = OTP.randomBase32(20);
// Returns: IM4ZL3G5Q66KW4U7PMOQVXQQH3NGOCHQ

// Generate a Time-based OTP from the secret, using Unix-time
// rounded down to the nearest 30 seconds.
String hexTime = OTP.timeInHex(System.currentTimeMillis(), 30);
String code = OTP.create(secret, hexTime, 6, Type.TOTP);

Show the user the QR Code 1

Easiest way to do this is through Goolge APIs, but I plan to add a 'generateImage()' function soon.

QR Image Example https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl=otpauth://totp/Example:hello@example.com?secret=IM4ZL3G5Q66KW4U7PMOQVXQQH3NGOCHQ&issuer=Example&algorithm=SHA1&digits=6&period=30

After user scans the image with their mobile app we can compare codes.

// Get User's input code for a login...
String userEnteredCode = "123456";

// Verify OTP
if(OTP.verify(secret, userEnteredCode, 6, Type.TOTP)) {
    // Code valid. Login successful.
}

Details

This code currently supports the standard HMAC-based (HOTP RFC 4226) and time-based (TOTP RFC 6238) algorithms for one-time passwords.

It was started as an easy way to enable 2-Factor Authentication for Java based web applications, but it can be applied to other Java applications as well.

Contribute

A project by Austin Delamar based off of Kamron Zafar's work and other contributors.

If you'd like to contribute, feel free to fork and make changes, then open a pull request to master branch.

License

Apache 2.0

1 QR code standard is trademarked by Denso Wave, Inc.

You can’t perform that action at this time.