authy | Go library and program to access your Authy TOTP secrets | Authentication library
kandi X-RAY | authy Summary
This is a Go library that allows you to access your Authy TOTP tokens. It was created to facilitate exports of your TOTP database, because Authy do not provide any way to access or port your TOTP tokens to another client. It also somewhat documents Authy's protocol/encryption, since public materials on that are somewhat scarce. Please be careful. You can get your Authy account suspended very easily by using this package. It does not hide itself or mimic the official clients.
Community Discussions
Trending Discussions on authy
QUESTION
not sure if this is possible - but I would like to get a passcode from the Authy app via API ( so I can log in programmatically ).
Is that possible?
...ANSWER
Answered 2021-May-22 at 07:03
Twilio developer evangelist here.
There is not an API for this. Adding 2FA to an account is intended to stop automatic logins and require a user to produce a code from something they have (in this case, their phone number and authorised device), so side-stepping this is not supported or recommended.
QUESTION
I am fairly new to Django so I wanted to know what should I do to make default authenticate function of Django accept only email and password to login, assuming that in sign-up form I have both username and email. The following code does not work properly. However when I add
...ANSWER
Answered 2020-Nov-21 at 13:30
If you just want to access user using email, you're not using authentication in the first place. So, to solve your purpose, following approaches can be followed:
- Get user email in url params in every request (so that user can be identified)
- Set default password while creating the user account for all users and use that password while authentication (not recommended)
QUESTION
I created an object that takes in email, and phone number and country code but whenever I pass the phone number it adds parenthesis and a comma.
Here is how I am passing it in.
...ANSWER
Answered 2020-Nov-14 at 21:30
There was a comma after the phone initialization which was causing a type conversion to a tuple (for testing I just took the important parts of your code and it worked for me)
QUESTION
We currently have a solution where we implement 2FA ourselves over Twilio Programmable SMS. We're also using Twilio Verify for Payment PSD2 authorization. We're now looking to migrate everything to Authy to make use of the Authy app and I have the following questions that I'm hoping you can help me with.
- User Migration. I understand in authy, users need to be registered to our application. How can I register all our current users? Is there any way to bulk upload them, or do I have to write a script that calls the API to register them one by one?
- User Number phone update. Sometimes our users will update their phone or email in our system. If that happens, how do I update that info in Authy? I couldn't find anything in the docs about that. Do I need to call the api to remove the user and readd with the new info?
- Migrating from Verify PSD2 to Authy PSD2. Is the implementation very different? Is there any sample I can look through, as the documentation seems to mainly be talking about QR codes, while what we want to do, is to send it over SMS or Authy depending on the user's choice.
Thanks for your help
Sam
ANSWER
Answered 2020-Aug-24 at 06:21
Twilio developer evangelist here.
You will need to write a script to register your users. When you have registered a user, you will receive an authy_id for the user, which you will need to store with your user record.
If a user updates their phone number then you should update the Authy user. To do so, you will want to delete the old user and re-register with the new phone number. You will then receive a new authy_id and you should re-confirm the user can authenticate by challenging them for a new code before you complete the update. If the user updates their email then you can do the same process of deleting and creating a new user though you should receive the same authy_id back if the phone number hasn't changed (though this will add the email address to Authy's representation of the user).
Check the documentation on PSD2 compliant authentication with Authy here. If you are sending SMS messages, then you should set the action and action_message parameters, which tie the message to the authentication. For the app based authentications you can do it via Push Notifications (in which you can include transaction details in the push). If you don't want to implement push, then you do need to get your user to scan a QR code in order to tie the transaction to the authentication (the regular code generated by the app is not connected to a transaction, so is ineligible for PSD2 authentication).
Let me know if this helps at all.
QUESTION
I have the SESSION_DRIVER set to database. After login, when I try to get the session()->getId() in the LoginController::authenticated() method, I seem to get the session id that was before regeneration. The database seems to contain this session id as well.
This causes problems when I try to log accesses to my application. I can't update the logout time against a session id because when I log the access in the LogSuccessfulLogin listener, the access is logged against the session id before regeneration and on logout I get the session id after regeneration for which a record doesn't exist in the access logs table.
Moreover, when I try to get $request->user()->sessions()->count() on the LoginController::authenticated() method, I always seem to get activeSessions-1 as the count. For example, I login on Chrome, I get the count as 0. I concurrently login from FireFox and I get the count as 1. The session seems to be inserted in database after the authenticated method. Following is the code for my LoginController:
ANSWER
Answered 2020-May-06 at 03:28
I found the problem. Session saving is written in StartSession middleware and will kick in only on each request. In this case, we are not redirecting after $request->session()->regenerate();, rather we are calling the ->authenticated() method.
The session is not saved due to the middleware not being triggered yet, hence the inconsistency in session id. User's session count is also inconsistent due to this, since the latest session is not yet saved, the count will always be returned as actualCount - 1.
A workaround to this is to override ->sendLoginResponse($request) method and manually save the session after regeneration like so:
QUESTION
Is it safe to share 2FA codes? I'm talking about TOTP like Google Authenticator or Authy.
For example, if I have code and generation time, is it possible to predict new codes? What if I have more than 1 pair of code+time?
I think it's possible to predict new codes based on old information (code+time).
So if this is possible, how do I do it? I'm looking for some algorithm.
Known Time period, time, code and secret length.
Example:
...ANSWER
Answered 2020-Apr-17 at 03:56
Internally, these 2FA generators usually work based on a time-based one-time password algorithm. Those algorithms work by using strong hash functions on a combination of two values: a shared secret and the current time increment, and specifically use a construction called HMAC that’s known to be secure provided the underlying hash function is.
As a result, if someone could predict future outputs of your 2FA device by seeing some timestamps and outputs from the 2FA device, then they would either (1) have to know the shared secret or (2) be able to break the HMAC. Both of these are unlikely unless someone either has hacked Google or knows of attacks on HMAC or the underlying hash function in ways beyond what’s in the public literature.
In other words, you shouldn’t need to worry about someone guessing future values given past values, though I’d still advise against giving out old values because you shouldn’t be giving out 2FA values to anyone except the site you’re logging into. :-)
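The construction the answer above describes, as an added example that is not part of the original question or answer: an RFC 6238 TOTP generator (HMAC-SHA1 over the shared secret and the time-step counter) plus a server-side check that tolerates clock skew. The function names `TOTP` and `Verify` are chosen for this example, and the secret is the published RFC 6238 Appendix B test secret, not a real one.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// TOTP computes the RFC 6238 code (HMAC-SHA1) for a shared secret at unixTime.
func TOTP(secret []byte, unixTime, period int64, digits int) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(unixTime/period))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	// Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
	off := sum[len(sum)-1] & 0x0f
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, bin%mod)
}

// Verify accepts a code for the current step or up to `window` steps either side.
func Verify(secret []byte, code string, now, period int64, digits, window int) bool {
	ok := 0
	for i := -window; i <= window; i++ {
		t := now + int64(i)*period
		if t < 0 {
			continue
		}
		// Constant-time comparison so timing does not leak how many digits matched.
		ok |= subtle.ConstantTimeCompare([]byte(TOTP(secret, t, period, digits)), []byte(code))
	}
	return ok == 1
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 Appendix B test secret
	fmt.Println(TOTP(secret, 59, 30, 8))
	fmt.Println(Verify(secret, "287082", 89, 30, 6, 1))
}
```

The only inputs are the secret and the time step, so a code plus its timestamp carries no more information than one truncated HMAC output; an old code stops verifying once it falls outside the skew window.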
QUESTION
We want to provide an option to end user so that the user can get 2FA code in both ways (in email and in SMS at same time)? Is it possible to send the same OTP via email as well as SMS at same time in Authy?
...ANSWER
Answered 2020-Mar-16 at 05:18
Twilio developer evangelist here.
Each different application/method of OTP delivery with Authy is assigned a different secret and generates different codes. So you cannot send the same code over email and SMS at the same time.
However, if you send two different OTP codes to your user, then either of them will work when they input the code and you verify it against the API.
QUESTION
I'm experimenting & learning how to work with PostgreSQL, namely its Notify/Listen feature, in the context of making Server-Sent Events according to this tutorial.
The tutorial publishes NOTIFY to the user channel (via its id) whenever a user is saved and an attribute, authy_status is changed. The LISTEN method then yields the new authy_status
Code:
ANSWER
Answered 2020-Mar-11 at 08:05
Please use after_commit instead of after_save. This way, the user record is surely committed in the database
There are two additional callbacks that are triggered by the completion of a database transaction: after_commit and after_rollback. These callbacks are very similar to the after_save callback except that they don't execute until after database changes have either been committed or rolled back.
https://guides.rubyonrails.org/active_record_callbacks.html#transaction-callbacks
Actually it's not relevant to your question, you can use either.
Here's how I would approach your use case: You want to get notified when a user is created:
QUESTION
We've our own solution for code generation and we want to send the code generated by us through Authy. Is that possible to send custom verification code using Authy?
...ANSWER
Answered 2020-Mar-07 at 14:37
Twilio Verify supports this (along with Voice, SMS, and Email channels).
QUESTION
I want to send 2-Factor Authentication token via email using Twilio's Authy api. I know Authy api offering Push Authentication, Soft token, SMS/Voice but is it also possible to send token via email? If so, then can I register the user at authy without providing phone number and country code but just will give email address? Actually I only need to send token via email not over the phone.
Thanks.
...ANSWER
Answered 2020-Mar-06 at 12:08
Authy adds support for user authentication via email https://www.twilio.com/changelog/authy-adds-support-user-authentication-email
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported