ExOtp allows you to create One-Time-Passwords, which can be either Time-based One-Time Passwords(TOTP) and Counter based OTPs(via HMAC-based One Time Passwords(HOTP)).
The library is primarily based on the PyOTP, and almost exactly mirrors their API as well. It follows the MFA standards defined in RFC4226(HOTP: an Hmac-Based One-Time Password Algorithm) and RFC6238(TOTP: Time-Based One-Time Password Algorithm).
The library provides the following features:
- Generate TOTP or Counter based HOTP
- Generate QR codes for OTPs
- Generate random secret values(if required)
The full documentation is available here.
You can install ex_otp by adding it to your list of dependencies in mix.exs:
def deps do
[
{:ex_otp, "~> 0.0.1"}
]
end- You can create a TOTP object using either a random secret or a user-provided secret as follows:
secret = ExOtp.random_secret()
#=> "uapgaiacdaptafbu"
totp = ExOtp.create_totp(secret, 30) # Specify interval for which the OTP will be valid.
#=> %ExOtp.Totp{
# base: %ExOtp.Base{
# digest: :sha,
# digits: 6,
# secret: "OVQXAZ3BNFQWGZDBOB2GCZTCOU======"
# },
# interval: 30
#}- You can then generate an otp using the
totpobject, for a given datetime value:
otp = ExOtp.generate_totp(totp, DateTime.utc_now())
#=> "967372"- Finally, you can check if the otp is valid using the
otpandtotpobjects:
ExOtp.valid_totp?(totp, otp, DateTime.utc_now())
#=> true- Create a HOTP object using either a random secret or a user-provided secret as follows:
secret = ExOtp.random_secret()
#=> "uapgaiacdaptafbu"
totp = ExOtp.create_hotp(secret, 30) # Specify initial count
#=> %ExOtp.Hotp{
# base: %ExOtp.Base{
# digest: :sha,
# digits: 6,
# secret: "OVQXAZ3BNFQWGZDBOB2GCZTCOU======"
# },
# initial_count: 0
#}- Generate an otp using the
hotpobject, for a given datetime value:
otp = ExOtp.generate_hotp(hotp, DateTime.utc_now())
#=> "268374"- Finally, you can check if the otp is valid using the
otpandhotpobjects:
ExOtp.valid_hotp?(hotp, otp, 0) # Specify counter value
#=> true- Generate the provision URI for use with a QR code scanner built into MFA apps such as Google Authenticator.
- Generate the QR code using the
EQRCodelibraby, which is an optional dependency. - Given a
totpobject and anotp, you can generate the QR code using:
totp
|> ExOtp.provision_uri_totp(otp, "test:shubham@google.com",issuer_name: "test")
|> ExOtp.generate_qr_code("code.svg")
#=> 09:51:17.102 [info] QR code written to file: code.svg- Generate the coverage report using following mix task:
MIX_ENV=test mix excoveralls- PyOTP - The API and implementation is largely based on PyOTP.
- Nimble TOTP by Dashbit.
- Generally, I used this library to check the correctness of my implementation, and also borrowed their implementation for generating the QR code :)
- Their library supports a few optional features, which are missing in
ex_otpfor now. - I also aim to add benchmarks tests comparing our libraries in the near future!
Copyright 2022 Shubham Gupta
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.