Unable to use with google authenticator #7
Comments
From the snippets, for the python version, you're using TOTP. So the equivalent should be

```js
otplib.totp.generate('AAAABBBBCCCCDDDD');
```

For Google Authenticator, although it uses TOTP under the hood, there are additional requirements for the secret. As such, you have to encode the secret before using it. i.e.

```js
var secret = otplib.authenticator.encode('AAAABBBBCCCCDDDD');
var token = otplib.authenticator.generate(secret);
```

Let me know if you still have any problems with it. |
@yeojz thanks for the response. I tried the following but none of the tokens match what GA app generates. Can you try this out and compare with what the GA mobile app generates, and see if the token matches for you?
|
@scheler Noted... I'll need to investigate this over the weekend. Thanks |
I've released Sample code:

```html
<html>
<head>
<script src="https://rawgit.com/yeojz/otplib/gh-pages/lib/otplib-commons.js"></script>
<script src="https://rawgit.com/yeojz/otplib/gh-pages/lib/otplib.js"></script>
</head>
<body>
<strong>Url</strong>
<div class='url'></div>
<strong>Token</strong>
<div class='token'></div>
<script>
// Plain-text secret, encoded for authenticator use before generating the token.
var secret = "AAAABBBBCC";
secret = otplib.authenticator.encode(secret);
var token = otplib.authenticator.generate(secret);
console.log("secret is ", secret, "authenticator token is ", token);
document.querySelector('.token').innerHTML = token;
// Key URI that an authenticator app can import.
document.querySelector('.url').innerHTML = otplib.authenticator.keyuri('issue7', 'test', secret);
</script>
</body>
</html>
```

Do try it out and keep me posted. Thanks! |
@yeojz sorry I couldn't test this earlier. I tried this now - it seems to work on the sample secrets you have but not the one that I have, which I cannot share here. One difference I noticed between the two secrets is that the base32 decoded value of each is of different type. In the example that you have the secret is actually ASCII text AAAABBBBCC (which is the base32 decoded value of the secret in the key URI), but in my test case the base32 decoded value of secret in the key URI is binary. I will try and obtain a test secret that I can share with you here. |
@yeojz I am unable to obtain a test secret to share. I will have to debug this with the one I have. I want to step through and compare result of each step against the python lib. Where can I get unobfuscated versions of the following JS files:
|
@scheler the files above are all generated by webpack. The source of those files is in this repository under the src folder. |
I used the latest from npm and I was not able to get the otplib to generate a token that matched google authenticator. |
Mind if you try something?
It is quite difficult for me to debug as RFC test cases are passing, and it's working for the services I'm using, but it seems that there are still some token errors. If you are able to send me a sample fail case, that would be great. At the very least, may I know the length of the secret you're using? Thanks! |
Will do. Btw, I tried the otp npm library and that worked immediately.
…On Wed, Aug 16, 2017 at 8:23 AM Gerald Yeo ***@***.***> wrote:
@SunburnedGoose <https://github.com/sunburnedgoose>
Mind if you try something?
- Install v4.0.6 and see if that works for you since I tweaked it to
address the issue brought up by the OP.
- Ensure that your clocks on both devices are the same.
It is quite difficult for me to debug as RFC test cases are passing, and
it's working for the services I'm using, but it seems that there are still
some token errors. If you are able to send me a sample fail case, that
would be great.... Else I'll need to trouble you to try and point me to a
general failing area.
Thanks!
|
My secret is 32 bytes. |
I have same issue, when I updated to v5.0.0 from v4.0.6. The service is GitLab and the secret is 32 bytes. |
@SunburnedGoose @kohatang Noted. I'll try and replicate. @kohatang Thanks for informing about the service! |
@SunburnedGoose @kohatang @scheler Do try out 5.1.1 and let me know if things are solved. I tried it on my own GitLab account and things seem to be generating properly already. |
I tried v5.1.1, It is working. |
@yeojz I've been playing with otplib for about a day and was considering using it for a project because I love your documentation, you took the time to provide a browser version, and you seem pretty responsive to issues. Just wanted to let you know that I'm having the same issue with otplib generating incorrect codes compared to Google Authenticator, Authy, etc. I've read through the suggestions in this thread and tried them all, but I cannot get it to work correctly. I am using

```js
let secret = 'svt52xeze2twc2mu'.toUpperCase();
console.log('secret = %s', secret);
let encoded_secret = otplib.authenticator.encode(secret);
console.log('code from otplib = %s', otplib.authenticator.generate(encoded_secret));
```

However, when I use speakeasy v2.0.0, it works as expected:

```js
let secret = 'svt52xeze2twc2mu'.toUpperCase();
console.log('secret = %s', secret);
console.log('code from speakeasy = %s', speakeasy.totp({
  secret: secret,
  encoding: 'base32'
}));
```

And also otp v0.1.3 works as expected:

```js
let secret = 'svt52xeze2twc2mu'.toUpperCase();
console.log('secret = %s', secret);
console.log('code from otp = %s', otp.parse(secret).totp());
```

Any thoughts on what I might be doing wrong, or do you think it's a bug in otplib? I'm open to suggestions getting otplib working as I try to find another lib that works well in the browser and/or adapt speakeasy to work in the browser. Thanks! |
@conorgil Thanks for the examples. It'll help a lot. Going by the code for speakeasy, it will treat the secret as base32 and decode it.

update 1: sha reference: d30a92b

For the code mismatch issue, I'll need some time to delve into it further.

code:

```js
/* eslint-disable no-console */
import otplib from './packages/otplib';
import speakeasy from 'speakeasy';
import otp from 'otp';

const secret = 'svt52xeze2twc2mu'.toUpperCase();
console.log('secret = %s', secret);
console.log('-------------------');
console.log('code from otplib = %s', otplib.authenticator.generate(secret));
console.log('-------------------');
console.log('code from speakeasy = %s', speakeasy.totp({
  secret: secret,
  encoding: 'base32'
}));
console.log('-------------------');
console.log('code from otp = %s', otp.parse(secret).totp());
```

update 2 sha reference: 7a4478d

tests are passing. Giving it a once over before releasing. |
@yeojz thanks for the quick reply!
That is what I had originally expected from the docs, so I don't think you need to update them. It did not work when I first tried to use the lib (perhaps because of the bug you just fixed), so I started reading through old issues on the project and thought I saw somewhere that someone said that you had to use I will try the commit you referenced and let you know if it's working for me as well. I assume I'll have to build it locally and import into my existing test project? |
@conorgil I've prereleased it on npm.. you can install it via |
@yeojz I checked out the master branch and there is a failing test. From commit
Also, I tried installing the next release for my test script and it still does not work as expected:
|
I ran the tests on branch |
@conorgil By any chance you're using node 8? It puzzled me for a while as I couldn't reproduce the issue of the tests, but it seems that swapping to node 8 triggered it.. seems like there is some difference to I am however, unable to repro the code issue.
update 1 I've fixed the test within the |
@yeojz thanks for your continued work on this. Yea, I'm using the latest version of Node. Sorry for not specifying that in my initial comment.
|
I've added the example you've given into the test suite under issues.spec.js. Since it's clearing the automated checks, I'm releasing the changes under v7.0.0. |
Closing this as no further issues are raised. |
Hello,
I am unable to use this library to generate OTP matching Google Authenticator. The python version https://github.com/pyotp/pyotp works fine though.
Here's an example:
This prints: secret is AAAABBBBCCCCDDDD token is 972373
The following python version matches the code generated by GA app:
Is there anything wrong with the above use of otplib for GA?
thanks
Santosh