OTP-Java | use one-time password generator library | Authentication library
kandi X-RAY | OTP-Java Summary
A small and easy-to-use one-time password generator library for Java according to RFC 4226 (HOTP) and RFC 6238 (TOTP).
Top functions reviewed by kandi - BETA
- Generate a time-based timestamp
- Generate OTP code
- Convert long to byte array
- Gets HMAC name
- Decode a base32 value to bytes array
- Generates a SHA-256 hash for the given data
- Get OTP code from given password length
- This method verifies if the given code is valid for the given OTP
- Checks if a given OTP code is valid
- This method will verify if an OTP code is valid or not
- Checks if a given OTP code is valid
- Construct a TOTP provider from an URI
- Get map of query items from URI
- Generate TOTP code for this time interval
- Calculate a new counter
- Creates a new HOTP instance from the given URI
- Returns a factory with default values
- Construct a new TOTP provider with default values
OTP-Java Key Features
OTP-Java Examples and Code Snippets
// Generate a secret (or use your own secret)
byte[] secret = SecretGenerator.generate();
TOTPGenerator.Builder builder = new TOTPGenerator.Builder(secret);
builder
.withPasswordLength(6)
.withAlgorithm(HMACAlgorithm.SHA1) // SHA256 and SHA
byte[] secret = "VV3KOX7UQJ4KYAKOHMZPPH3US4CJIMH6F3ZKNB5C2OOBQ6V2KIYHM27Q".getBytes();
HOTPGenerator.Builder builder = new HOTPGenerator.Builder(secret);
HOTPGenerator hotp = builder.build();
HOTPGenerator.Builder builder = new HOTPGenerator.Builder
Community Discussions
Trending Discussions on OTP-Java
QUESTION
I'm just going to start this off with the links I have already checked:
Jacoco: IllegalStateException: Can't add different class with same name
jacoco : Cannot exclude classes
JaCoCo test coverage: How to exclude a class inside jar from report?
JaCoCo Can't add different class with same name: org/hamcrest/BaseDescription
These are just the SO questions I have checked, not to mention all the GitHub posts too..
I have spent 2 full days now trying to find the solution for my problem, but I have yet to find anything that works.
So the story goes like this:
- NetBeans project for automation testing
- The company I work for has a jar file
- I used below command to include this jar file in my project:
ANSWER
Answered 2020-Dec-22 at 09:49
Okay, so I believe I found the cause for my issue..
As far as I can tell, it was due to the way in which I added/stored the external JAR file for my company.
The JAR file was in my project folder:
QUESTION
I want to add multi-factor authentication with TOTP soft tokens to an Angular & Spring application, while keeping everything as close as possible to the defaults of Spring Boot Security Starter.
The token-validation happens locally (with the aerogear-otp-java library), no third party API provider.
Setting up tokens for a user works, but validating them by leveraging Spring Security Authentication Manager/Providers does not.
TL;DR
- What is the official way to integrate an additional AuthenticationProvider into a Spring Boot Security Starter configured system?
- What are recommended ways to prevent replay attacks?
The API has an endpoint /auth/token from which the frontend can get a JWT token by providing username and password. The response also includes an authentication-status, which can be either AUTHENTICATED or PRE_AUTHENTICATED_MFA_REQUIRED.
If the user requires MFA, the token is issued with a single granted authority of PRE_AUTHENTICATED_MFA_REQUIRED and an expiration-time of 5 minutes. This allows the user to access the endpoint /auth/mfa-token where they can provide the TOTP code from their Authenticator app and get the fully authenticated token to access the site.
I have created my custom MfaAuthenticationProvider which implements AuthenticationProvider:
ANSWER
Answered 2020-Feb-18 at 12:49
To answer my own question, this is how I implemented it, after further research.
I have a provider as a pojo that implements AuthenticationProvider. It's deliberately not a Bean/Component. Otherwise Spring would register it as the only Provider.
QUESTION
I am facing an issue that has been mentioned before with Spring Boot vs. Hibernate Validation, where autowiring of dependencies inside custom Constraint Validators is not working. From my own debugging, I have noticed that when entity-level validation occurs, Hibernate loads a different ConstraintValidatorManager compared to when Hibernate is performing bean validation for form submits. The latter works fine, the former leads to dependencies of the custom Constraint Validator being null. It seems as if Hibernate is loading one manager from the root context and one from the servlet context. This would explain Hibernate not having any knowledge of the existence of the dependencies autowired in the custom Constraint Validator. If this is true however, I do not understand what is going on, or how to make Hibernate/JPA aware of the Spring context and its beans.
I am hoping someone could point me in the right direction? I have tried all of the below answers, and much more (e.g. different library versions, configuration methods, static bean loading through a utils class, etc.):
Inject Repository inside ConstraintValidator with Spring 4 and message interpolation configuration
Autowired gives Null value in Custom Constraint validator
Also I have been through the Reference guide for Spring Boot specifically several times, without much luck. There are several cases that mention their Hibernate validation working fine, both for regular bean submits, as well as during entity persisting. Unfortunately, I seem unable to retrieve their exact (Java) configuration they used, but it seems they are using default configuration. I am starting to wonder if this is a specific Spring Boot issue (although it is stated a combination of Spring Validation and Hibernate Validation should work out-of-the-box).
Adding anything like below bean does not solve the issue (default factory being SpringConstraintValidatorFactory of course):
...
ANSWER
Answered 2019-Jun-17 at 09:30
There is a way to tell Hibernate to use the same validator by setting javax.persistence.validation.factory
QUESTION
In Google Authenticator app you can either scan a QR code or manually type a key provided by the issuer.
In the following screenshot you can see the setup of 2FA among Google Security settings, displaying how to get the TOTP by following the 2nd method.
My question is: how is this key generated?
I'm trying to support 2FA with Google Authenticator for my website and I found many references and docs about how to generate the QR code, but none even mentioning the alternate method.
Edit:
To be a bit clearer, I'm supporting 2FA with Google Authenticator in a Grails 3 webapp. I already implemented the whole user flow by generating a secret key (Base32 string) for each user, providing a QR code for users to scan, and verifying the TOTP on login. I used as dependencies:
- org.jboss.aerogear:aerogear-otp-java, aerogear OTP to conveniently verify user secret key against the TOTP from GA
- org.grails.plugins:qrcode, qrcode Grails plugin to generate the QR code
My question is about the 2 ways to add a new entry in Google Authenticator app:
1. scan QR code (everything ok on my side)
2. manually type the account name along with an alphabetic code (in my 1st screenshot, the code is provided within Google Security Settings)
You can see an explicatory screenshot from GA for Android:
How can I generate and provide such code (starting with fzee in the 1st screenshot, and named "provided key" in the 2nd one) to the user? I'm sure it's an encoding of the same data string also encoded in the QR code, but I don't know which (not simply Base32).
ANSWER
Answered 2017-Nov-14 at 01:43
The Google Authenticator Setup QR code is generated based on a few things, one of these is the "secret key", so depending on the codebase you are using to build it into your site the "secret key" is normally generated first and that key is then used to generate the QR code.
If you look at this node.js module you can see what I am talking about
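The relationship the answer describes, as an added example (not code from the original post or from any library named on this page): the secret is generated first, and both the QR code payload and the manually typed key are derived from it. The key an authenticator app accepts for manual entry is the Base32 encoding of the secret, the same string carried in the `secret` parameter of the otpauth:// URI; the class name, issuer and account below are constructed sample values.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Locale;

public class TotpEnrollment {
    private static final String ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

    // RFC 4648 Base32 without '=' padding.
    static String base32(byte[] data) {
        StringBuilder out = new StringBuilder();
        int buffer = 0, bits = 0;
        for (byte b : data) {
            buffer = (buffer << 8) | (b & 0xFF);
            bits += 8;
            while (bits >= 5) {
                out.append(ALPHABET.charAt((buffer >> (bits - 5)) & 31));
                bits -= 5;
            }
        }
        if (bits > 0) { // left-align the remaining bits in a final 5-bit group
            out.append(ALPHABET.charAt((buffer << (5 - bits)) & 31));
        }
        return out.toString();
    }

    // Percent-encode a URI component (URLEncoder emits '+' for spaces).
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8).replace("+", "%20");
    }

    // Payload that is rendered as the QR code.
    static String otpauthUri(String issuer, String account, String secretB32) {
        return "otpauth://totp/" + enc(issuer) + ":" + enc(account)
                + "?secret=" + secretB32 + "&issuer=" + enc(issuer);
    }

    // The same secret formatted for typing: lowercase, groups of four for readability.
    static String manualEntryKey(String secretB32) {
        return secretB32.toLowerCase(Locale.ROOT).replaceAll("(.{4})(?=.)", "$1 ");
    }

    public static void main(String[] args) {
        byte[] secret = new byte[20];          // 160-bit secret from a CSPRNG
        new SecureRandom().nextBytes(secret);
        String b32 = base32(secret);           // 32 characters, no padding needed
        System.out.println(otpauthUri("ExampleSite", "alice@example.com", b32));
        System.out.println(manualEntryKey(b32));
    }
}
```

Both outputs expose the shared secret, so they belong only on the authenticated enrollment page and never in logs.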
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install OTP-Java
You can use OTP-Java like any standard Java library. Include the jar files in your classpath. You can also use any IDE to run and debug the OTP-Java component as you would any other Java program. Best practice is to use a build tool that supports dependency management, such as Maven or Gradle. For Maven installation, please refer to maven.apache.org. For Gradle installation, please refer to gradle.org.