Python bindings for the OATH Toolkit library (one-time password generation/verification).
Python HTML Shell
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
docs
examples
oath_toolkit
requirements
salt
tests
.coveragerc
.gitignore
.travis.yml
AUTHORS.rst
CONTRIBUTING.rst
LICENSE
LICENSE.docs
MANIFEST.in
README.rst
TODO.rst
Vagrantfile
requirements.txt
setup.cfg
setup.py
tox.ini

README.rst

Python bindings for OATH Toolkit

This package is a set of Python bindings for the OATH Toolkit library. Please note that it is OATH (open authentication, e.g., one-time passwords) and not OAuth (an open standard for authorization).

[Travis CI] [CodeClimate] [Read The Docs]

Features

  • Runs on a variety of Python versions/implementations
  • QR code generator, compatible with apps like Google Authenticator
  • Integration with WTForms
  • Integration with Django via django-otp

Quick Install

Note

For a more detailed set of installation instructions, including optional feature prerequisites and installing from Git, please consult the installation docs.

  1. Make sure CPython 2.6, 2.7, 3.3, 3.4, or PyPy ≥ 2.0 is installed.

  2. Make sure pip is installed.

  3. Make sure liboath from oath-toolkit is installed.

  4. If you're using CPython, it's recommended that a C compiler, Python development headers/libraries, liboath development headers/libraries, and Cython are available.

  5. Run the following:

    user@host:~$ pip install pyoath-toolkit
    

Usage

To generate a time-based one-time password (TOTP):

from oath_toolkit import TOTP
from time import time

digits = 6
time_step = 30
oath = TOTP(b'secret key', digits, time_step)
one_time_password = oath.generate(time())

To validate a HMAC-based one-time password (HOTP):

from oath_toolkit import HOTP
from oath_toolkit.exc import OATHError

def verify(otp, counter):
    digits = 6
    oath = HOTP(b'secret key', digits)
    try:
        return oath.verify(otp, counter)
    except OATHError:
        return False

For an explanation of terms like time_step and counter, refer to the API documentation.

More complex examples can be found in the examples/ directory, which includes a port of the command-line app oathtool, a sample Django project, and a simple Flask app which shows how WTForms integration works.

Documentation

The docs at Read the Docs contains information such as:

  • Requirements and installation instructions
  • API documentation
  • Contribution guidelines and a list of contributors

License

Unless otherwise noted in the respective files, the code is licensed under the Apache License 2.0; see the LICENSE file for details on the Apache license. The otherwise-licensed files have the requisite separate license details. Specifically:

  • oath_toolkit/django_otp/hotp/tests.py and oath_toolkit/django_otp/totp/tests.py are originally licensed under the two-clause BSD license.
  • examples/django/example/forms.py is originally licensed under the MIT license.

The documentation is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License; see the LICENSE.docs file for details.