{"id":13507701,"url":"https://github.com/yuce/pot","last_synced_at":"2025-05-15T23:03:26.597Z","repository":{"id":25999270,"uuid":"29441722","full_name":"yuce/pot","owner":"yuce","description":"POT is an Erlang library for generating Google Authenticator compatible one time passwords","archived":false,"fork":false,"pushed_at":"2023-12-08T04:57:57.000Z","size":274,"stargazers_count":239,"open_issues_count":0,"forks_count":38,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-05-03T01:55:43.835Z","etag":null,"topics":["2fa","authenticator","elixir","erlang"],"latest_commit_sha":null,"homepage":"","language":"Erlang","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yuce.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2015-01-18T21:26:03.000Z","updated_at":"2025-04-28T11:07:06.000Z","dependencies_parsed_at":"2024-01-05T21:54:21.654Z","dependency_job_id":"a4d03cf3-f2bc-4307-95b9-4931049f8211","html_url":"https://github.com/yuce/pot","commit_stats":{"total_commits":101,"total_committers":14,"mean_commits":7.214285714285714,"dds":0.5841584158415842,"last_synced_commit":"a983a0fe92f2ce82befbd27af9d7eb6e25f4df45"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuce%2Fpot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuce%2Fpot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuce%2Fpot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuce%2Fpot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yuce","download_url":"https://codeload.github.com/yuce/pot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254043220,"owners_count":22004912,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fa","authenticator","elixir","erlang"],"created_at":"2024-08-01T02:00:37.934Z","updated_at":"2025-05-15T23:03:26.528Z","avatar_url":"https://github.com/yuce.png","language":"Erlang","readme":"[![Build Status](https://github.com/yuce/pot/workflows/build/badge.svg)](https://github.com/yuce/pot/actions?query=workflow:build)\n[![coveralls.io](https://coveralls.io/repos/github/yuce/pot/badge.svg?branch=master)](https://coveralls.io/github/yuce/pot)\n[![hex.pm](http://img.shields.io/hexpm/v/pot.svg?style=flat)](https://hex.pm/packages/pot)\n\n\n# POT\n\n- [Introduction](#introduction)\n- [Version History](#version-history)\n- [Usage](#usage)\n- [Function Reference](#function-ref)\n- [Examples (Erlang)](#examples-erlang)\n- [Examples (Elixir)](#examples-elixir)\n- [Credits](#credits)\n- [Licence](#license)\n\n## Introduction\n\nPOT is an Erlang library for generating one time passwords. It supports both HMAC-based one time passwords (HOTP) and time based ones (TOTP). The generated passwords are based on [RFC 4226][rfc4226] and [RFC 6238][rfc6238], compatible with [Google Authenticator][google_auth_wiki].\n\nPOT is an almost direct translation of the Python [OneTimePass][onetimepass] library.\n\nPOT should work with any recent version of [Erlang/OTP][erlang], [Elixir][elixir], and other Erlang VM based languages.\n\nIn order to learn more about one time password generation, see the following Wikipedia articles:\n\n- [Google Authenticator][google_auth_wiki]\n- [HMAC-based One-time Password Algorithm][hotp_wiki] ([RFC 4226][rfc4226])\n- [Time-based One-time Password Algorithm][totp_wiki] ([RFC 6238][rfc6238])\n\n## Version History\n\n### 2021-08-07\n\n- Released version 1.0.2 with the following changes:\n\n  * [Fix type specs](https://github.com/yuce/pot/pull/33/commits/359779a068b478e48ee9e958f3ebb076ac3476d2) (Thanks to Krzysztof Jurewicz)\n  * [Added OTP 24.0 to CI](https://github.com/yuce/pot/pull/34/commits/2cfb7f9a07e3adac2540ffbfd7666485065c025f) (Thanks to Julius Beckmann)\n\n### 2021-03-28\n\n- Released version 1.0.1 with the following changes:\n\n    * [Migrate from Travis to GitHub Actions](https://github.com/yuce/pot/pull/31/commits/9aeab637e26d43362b2239960a0c1c0212a2174b) (Thanks to Nicholas Lundgaard)\n    * [Update pot.erl to support sha256 and not use deprecated :crypto.hmac](https://github.com/yuce/pot/commit/f96b50d00568154aabff7f956b974ad295c38fd6) (Thanks to Francois Paul)\n\n### 2020-09-15\n\n- Released version 1.0.0 with the following changes:\n\n    * [Move coveralls into project_plugins](https://github.com/yuce/pot/pull/26/commits/3483722db62915cde74aa9476324461c9240c8b7) (Thanks to Bryan Paxton)\n\n### 2020-03-08\n\n- Released version 0.11.0 with the following changes:\n\n    * [Improved types, README documentation](https://github.com/yuce/pot/commit/fa4d4314465f7cb7d32526c4c495fcf4f7b0eaf5) (Thanks to Nicholas Lundgaard)\n    * [Add return_interval option to valid_hotp](https://github.com/yuce/pot/commit/62b8289afe9bc807dd055cec13a810594dc91e8a) (Thanks to Nicholas Lundgaard)\n\n### 2019-10-16\n\n- Released version 0.10.2 with the following change:\n\n    * [Fix valid_totp to support upper bound on check_candidate](https://github.com/yuce/pot/pull/20) (Thanks to Nicholas Lundgaard)\n\n### 2019-08-03\n\n- Released version 0.10.1 with the following change:\n\n    * [Added pot prefix to base32 module avoid name collision](https://github.com/yuce/pot/pull/16) (Thanks to Girish Ramnani). This is a breaking change, `base32` module was renamed to `pot_base32`.\n\n### 2019-07-09\n\n- Released version 0.9.8 with the following bug fix:\n\n    * [Return boolean on pot:valid_hotp/2 and pot:valid_hotp/3](https://github.com/yuce/pot/pull/15) (Thanks to Zbigniew Pekala)\n\n### 2018-02-12\n\n  - `pot:totp/2` supports setting the timestamp (Thanks to Julius Beckmann)\n\n### 2017-08-04\n\n  - Added options to support Android devices (Thanks to Pedro Vieira)\n\n### 2016-07-30\n\n  - Released version 0.9.5 with bug fixes (Thanks to Peter McLain)\n\n### 2015-01-20\n\n  - Embedded base32_erlang library\n\n### 2015-01-18\n\n  - Initial version\n  \n## Usage\n\nSee the sections below on using `pot` in your Erlang and Elixir project.\n\n### Erlang\n\nWe recommend using [rebar3][rebar3] for managing dependencies and building the library. POT is available on hex.pm, so you can just include the following in your `rebar.config`:\n\n```\n{deps, [pot]}.\n```\n\nSee the [Erlang examples](#examples-erlang)\n\n### Elixir\n\nInclude POT in your `mix.exs` as a dependency:\n\n```elixir\ndefp deps do\n    [{:pot, \"~\u003e 1.0\"}]\nend\n```\n\n## \u003ca id=\"function-ref\"\u003e\u003c/a\u003eFunction Reference\n\nThe functions below refer to the following common parameters:\n\n| Parameter  | Type     |\n|------------|----------|\n| `Interval` | integer  |\n| `Secret`   | string\\* |\n| `Token`    | string\\* |\n\n- `Interval` is an integer that represents the counter value, the \"moving factor\" referenced in [RFC 4226][rfc4226]. It is an 8 byte unsigned integer; if a negative and/or too large integer is passed, it will be 2's complemented and truncated appropriately.\n- `Secret` is a base-32-encoded secret key. Generally, it should be at least 128 bits, preferably 160 bits. \n- `Token` is a HOTP/TOTP value represented as a string\\*. This is generally a 6-digit number, e.g., \"123456\", but its length may be modulated with the `token_length` option.\n\n\\*Note: for [Erlang][erlang] uses of `pot`, all strings should be in `binary()` format.\n\n### Token Generation Functions\n\n#### `hotp/2,3`\n\nGenerate an [RFC 4226][rfc4226] compatible HOTP token. \n\nErlang:\n\n```\npot:hotp(Secret, Interval) -\u003e Token\npot:hotp(Secret, Interval, Options) -\u003e Token\n```\n\nElixir:\n\n```\n:pot.hotp(Secret, Interval) -\u003e Token\n:pot.hotp(Secret, Interval, Options) -\u003e Token\n```\n\nThe following `Options` are allowed:\n\n| Option          | Type        | Default |\n|-----------------|-------------|---------|\n| `digest_method` | atom        | sha     |\n| `token_length`  | integer \u003e 0 | 6       |\n\n- `digest_method` controls the signing algorithm passed to the [Erlang][erlang] `crypto` module's [`hmac`][crypto_hmac] function. For [RFC 4226][rfc4226] compliant tokens, it must be set to `sha`. For [RFC 6238][rfc6238] compliant tokens, additional values such as `sha256` or `sha512` may be used.\n- `token_length` controls the number of digits in output `Token`.\n\n#### `totp/1,2`\n\nGenerate an [RFC 6238][rfc6238] compatible TOTP token. \n\nErlang:\n\n```\npot:totp(Secret) -\u003e Token\npot:totp(Secret, Options) -\u003e Token\n```\n\nElixir:\n\n```\n:pot.totp(Secret) -\u003e Token\n:pot.totp(Secret, Options) -\u003e Token\n```\n\nThe following `Options` are allowed:\n\n| Option            | Type        | Default/Reference        |\n|-------------------|-------------|--------------------------|\n| `addwindow`       | integer     | 0                        |\n| `digest_method`   | atom        | from [hotp/2,3](#hotp23) |\n| `interval_length` | integer \u003e 0 | 30                       |\n| `timestamp`       | timestamp   | [`os:timestamp()`][ts]   |\n| `token_length`    | integer \u003e 0 | from [hotp/2,3](#hotp23) |\n\n- `addwindow` acts as an offset to the `Interval` extrapolated from dividing the `timestamp` by the `interval_length` per the algorithm described in [RFC 6238][rfc6238].\n- `interval_length` controls the number of seconds for the `Interval` computation.\n- `timestamp` may be passed to specify a custom timestamp (in Erlang [timestamp][ts] format) to use for computing the `Interval` used to generate a `Token`.\n\n### Token Validation Functions\n\n#### `valid_token/1,2`\n\nValidate that a given `Token` has the correct format (correct length, all digits).\n\nErlang:\n\n```\npot:valid_token(Token) -\u003e Boolean\npot:valid_token(Token, Options) -\u003e Boolean\n```\n\nElixir:\n\n```\n:pot.valid_token(Token) -\u003e Boolean\n:pot.valid_token(Token, Options) -\u003e Boolean\n```\n\nThe following `Options` are allowed:\n\n| Option            | Type        | Default/Reference        |\n|-------------------|-------------|--------------------------|\n| `token_length`    | integer \u003e 0 | from [hotp/2,3](#hotp23) |\n\n#### `valid_hotp/2,3`\n\nValidate an [RFC 4226][rfc4226] compatible HOTP token. Returns `true` if the `Token` is valid. \n\nErlang:\n\n```\npot:valid_hotp(Token, Secret) -\u003e Boolean\npot:valid_hotp(Token, Secret, Options) -\u003e Boolean | {true, interval()}\n```\n\nElixir:\n\n```\n:pot.valid_hotp(Token, Secret) -\u003e Boolean\n:pot.valid_hotp(Token, Secret, Options) -\u003e Boolean | {true, interval()}\n```\n\nThe following `Options` are allowed:\n\n| Option            | Type        | Default/Reference        |\n|-------------------|-------------|--------------------------|\n| `digest_method`   | atom        | from [hotp/2,3](#hotp23) |\n| `last`            | integer     | 1                        |\n| `return_interval` | boolean     | false                     |\n| `token_length`    | integer \u003e 0 | from [hotp/2,3](#hotp23) |\n| `trials`          | integer \u003e 0 | 1000                     |\n\n- `last` is the `Interval` value of the previous valid `Token`; the next `Interval` after `last` is used as the first candidate for validating the `Token`.\n- `trials` controls the number of incremental `Interval` values after `last` to try when validating the `Token`. If a matching candidate is not found within `trials` attempts, the `Token` is considered invalid.\n- `return_interval` controls whether the matching `Interval` of a valid `Token` is returned with the result. if set to `true`, then `valid_hotp/2` will return `{true, Interval}` (e.g., `{true, 123}`) when a valid `Token` is provided.\n\n#### `valid_totp/2,3`\n\nValidate an [RFC 6238][rfc6238] compatible TOTP token. Returns `true` if the `Token` is valid.\n\nErlang:\n\n```\npot:valid_totp(Token, Secret) -\u003e Boolean\npot:valid_totp(Token, Secret, Options) -\u003e Boolean\n```\n\nElixir:\n\n```\n:pot.valid_totp(Token, Secret) -\u003e Boolean\n:pot.valid_totp(Token, Secret, Options) -\u003e Boolean\n```\n\nThe following `Options` are allowed:\n\n| Option            | Type        | Default/Reference        |\n|-------------------|-------------|--------------------------|\n| `addwindow`       | integer     | from [totp/1,2](#totp12) |\n| `digest_method`   | atom        | from [hotp/2,3](#hotp23) |\n| `interval_length` | integer \u003e 0 | from [totp/1,2](#totp12) |\n| `timestamp`       | timestamp   | from [totp/1,2](#totp12) |\n| `token_length`    | integer \u003e 0 | from [hotp/2,3](#hotp23) |\n| `window`          | integer \u003e 0 | 0                        |\n\n- `window` is a range used for expanding `Interval` value derived from the `timestamp`. This is done by considering the `window` `Interval`s before *and* after the one derived from the `timestamp`. This allows validation to be relaxed to allow for successful validation of TOTP `Token`s generated by clients with some degree of unknown clock drift from the server, as well as some client entry delay. \n\n## Examples (Erlang)\n\nPOT works with binary tokens and secrets.\n\n### Create a time based token\n\n```erlang\nSecret = \u003c\u003c\"MFRGGZDFMZTWQ2LK\"\u003e\u003e,\nToken = pot:totp(Secret),\n% Do something with the token\n```\n\n### Create an HMAC based token\n\n```erlang\nSecret = \u003c\u003c\"MFRGGZDFMZTWQ2LK\"\u003e\u003e,\nCurrentTrial = 3,\nToken = pot:hotp(Secret, CurrentTrial),\n% Do something with the token\n```\n\n### Check some time based token\n\n```erlang\nSecret = \u003c\u003c\"MFRGGZDFMZTWQ2LK\"\u003e\u003e,\nToken = \u003c\u003c\"123456\"\u003e\u003e,\nIsValid = pot:valid_totp(Token, Secret),\n% Do something\n```\n\n### Check some HMAC based token\n\n```erlang\nSecret = \u003c\u003c\"MFRGGZDFMZTWQ2LK\"\u003e\u003e,\nToken = \u003c\u003c\"123456\"\u003e\u003e,\nLastUsed = 5,  % last successful trial\nIsValid = pot:valid_hotp(Token, Secret, [{last, LastUsed}]),\n% Do something\n```\n\nAlternatively, to get the last interval from a validated token:\n\n```erlang\nSecret = \u003c\u003c\"MFRGGZDFMZTWQ2LK\"\u003e\u003e,\nToken = \u003c\u003c\"123456\"\u003e\u003e,\nLastUsed = 5,  % last successful trial\nOptions = [{last, LastUsed}, {return_interval, true}],\nNewLastUsed = case pot:valid_hotp(Token, Secret, Options) of\n                  {true, LastInterval} -\u003e LastInterval;\n                  false -\u003e LastUsed\n              end,\n% Do something\n```\n\n### Create a time based token with 30 seconds ahead\n\n```erlang\nSecret = \u003c\u003c\"MFRGGZDFMZTWQ2LK\"\u003e\u003e,\nToken = pot:totp(Secret, [{addwindow, 1}]),\n% Do something\n```\n\n### Check a time based token from a mobile device with 30 seconds ahead and a ±1 interval tolerance\n\n```erlang\nSecret = \u003c\u003c\"MFRGGZDFMZTWQ2LK\"\u003e\u003e,\nToken = \u003c\u003c\"123456\"\u003e\u003e,\nIsValid = pot:valid_totp(Token, Secret, [{window, 1}, {addwindow, 1}]),\n% Do something\n```\n\n### Create a time based token for given time\n\nTime format is `{MegaSecs, Secs, MicroSecs}` received by os:timestamp()\n\n```erlang\nSecret = \u003c\u003c\"MFRGGZDFMZTWQ2LK\"\u003e\u003e,\nToken = pot:totp(Secret, [{timestamp, {1518, 179058, 919315}}]),\n% Token will be \u003c\u003c\"151469\"\u003e\u003e\n```\n\n## Examples (Elixir)\n\n### Create a time based token\n\n```elixir\nsecret = \"MFRGGZDFMZTWQ2LK\"\ntoken = :pot.totp(secret)\n# Do something with the token\n```\n\n### Create an HMAC based token\n\n```elixir\nsecret = \"MFRGGZDFMZTWQ2LK\"\ncurrent_trial = 3\ntoken = :pot.hotp(secret, current_trial)\n# Do something with the token\n```\n\n### Check some time based token\n\n```elixir\nsecret = \"MFRGGZDFMZTWQ2LK\"\ntoken = \"123456\"\nis_valid = :pot.valid_totp(token, secret)\n# Do something\n```\n\n### Check some HMAC based token\n\n```elixir\nsecret = \"MFRGGZDFMZTWQ2LK\"\ntoken = \"123456\"\nlast_used = 5  # last successful trial\nis_valid = :pot.valid_hotp(token, secret, [{:last, last_used}])\n# Do something\n```\n\nAlternatively, to get the last interval from a validated token:\n\n```elixir\nsecret = \"MFRGGZDFMZTWQ2LK\"\ntoken = \"123456\"\nlast_used = 5  # last successful trial\noptions = [{:last, last_used}, {:return_token, true}]\nnew_last_used =\n    case :pot.valid_hotp(token, secret, options) do\n        {true, last_interval} -\u003e last_interval\n        false -\u003e last_used\n    end\n# Do something\n```\n\n\n### Create a time based token with 30 seconds ahead\n\n```elixir\nsecret = \"MFRGGZDFMZTWQ2LK\"\ntoken = :pot.totp(secret, [addwindow: 1])\n# Do something\n```\n\n### Check a time based token from a mobile device with 30 seconds ahead and a ±1 interval tolerance\n\n```elixir\nsecret = \"MFRGGZDFMZTWQ2LK\"\ntoken = \"123456\"\nis_valid = :pot.valid_totp(token, secret, [window: 1, addwindow: 1])\n# Do something\n```\n\n### Create a time based token for given time\n\nTime format is `{MegaSecs, Secs, MicroSecs}` received by :os.timestamp()\n\n```elixir\nsecret = \"MFRGGZDFMZTWQ2LK\"\ntoken = :pot.totp(secret, [timestamp: {1518, 179058, 919315}])\n# Token will be \u003c\u003c\"151469\"\u003e\u003e\n```\n\n## Credits\n\n- Yüce Tekol\n- Tomasz Jaskowski: [OneTimePass](https://github.com/tadeck/onetimepass) Python library\n- Andrew Tunnell-Jones: [base32_erlang](https://github.com/aetrion/base32_erlang) library\n\nThanks to [contributors](CONTRIBUTORS).\n\n### Maintainers\n\n- 2020 -  ... : Nicholas Lundgaard\n- 2014 - 2020 : Yüce Tekol\n\n## License\n\nCopyright (c) 2014-2021 POT Contributors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software\nand associated documentation files (the \"Software\"), to deal in the Software without\nrestriction, including without limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the\nSoftware is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or\nsubstantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING\nBUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\nDAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n[onetimepass]: https://github.com/tadeck/onetimepass\n[erlang]: http://www.erlang.org\n[elixir]: http://elixir-lang.org\n[rfc4226]: https://tools.ietf.org/html/rfc4226\n[rfc6238]: https://tools.ietf.org/html/rfc6238\n[rebar3]: https://github.com/erlang/rebar3\n[google_auth_wiki]: http://en.wikipedia.org/wiki/Google_Authenticator\n[hotp_wiki]: http://en.wikipedia.org/wiki/HMAC-based_One-time_Password_Algorithm\n[totp_wiki]: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm\n[crypto_hmac]: http://erlang.org/doc/man/crypto.html#hmac-3\n[ts]: http://erlang.org/doc/man/os.html#timestamp-0\n","funding_links":[],"categories":["Cryptography","Frameworks and Libs"],"sub_categories":["Elixir"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyuce%2Fpot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyuce%2Fpot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyuce%2Fpot/lists"}