Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/daegalus/dart-otp
RFC6238 Time-Based One-Time Password / Google Authenticator Library
https://github.com/daegalus/dart-otp
dart dartlang hacktoberfest otp
Last synced: 12 days ago
JSON representation
RFC6238 Time-Based One-Time Password / Google Authenticator Library
- Host: GitHub
- URL: https://github.com/daegalus/dart-otp
- Owner: daegalus
- License: mit
- Created: 2012-11-01T22:46:28.000Z (about 12 years ago)
- Default Branch: master
- Last Pushed: 2024-08-15T16:13:53.000Z (3 months ago)
- Last Synced: 2024-10-13T08:44:30.924Z (26 days ago)
- Topics: dart, dartlang, hacktoberfest, otp
- Language: Dart
- Homepage:
- Size: 598 KB
- Stars: 100
- Watchers: 5
- Forks: 25
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
MAJOR BEHAVIOR CHANGE IN 3.1.0: [Explanation of Changes from 3.0 to 3.1](https://github.com/Daegalus/dart-otp/wiki/Explanation-of-Changes-from-3.0-to-3.1)
# dart-otp
RFC4226/RFC6238 One-Time Password / Google Authenticator Library
Features:
- Generate TOTP (RFC6238) and HOTP (RFC4226) codes.
- [Annotated source code](https://daegalus.github.io/dart-otp/)
## Getting Started
### Pubspec
pub.dartlang.org: (you can use 'any' instead of a version if you just want the latest always)
```yaml
dependencies:
otp: 3.1.2
```
```dart
import 'package:otp/otp.dart';
```
Start generating tokens.
```dart
// Generate TOTP code. (String versin of function incase of leading 0)
OTP.generateTOTPCodeString("JBSWY3DPEHPK3PXP", 1362302550000); // -> '505548'
// Generate HOTP Code.
OTP.generateHOTPCodeString("JBSWY3DPEHPK3PXP", 7); // -> '006676'
```
## API
### Notes
This library does not support any other secret input other than Base32. It is what is used standard most places, and by Google Authenticator.
If your secrets are not Base32 forms, please use my Base32 library (the one I use as a dependency for this library) or any other base32 library to encode your secret before passing it into the functions. All generate functions force decode of Base32.
### Global Settings
`useTOTPPaddingForHOTP` (bool, default: false)
Uses the TOTP padding method for handling secrets bigger or smaller than the mandatory sizes for SHA256/SHA512.
This is needed as HOTP does not have an official method of using SHA256 or SHA512 in the RFC spec and most libraries don't pad HOTP for use with SHA256 or SHA512. (examples: otplib and speakeasy from Node.js)
If you enable this, it will use the same padding as TOTP (repeating the secret to the right length) but might cause incompatibilies with other libraries. I am defaulting to no padding, as this is the predominant behavior I am finding for HOTP.
### OTP.generateTOTPCode(String secret, int currentTime, {int length: 6, int interval: 30, Algorithm algorithm: Algorithm.SHA256, bool isGoogle: false})
Generate a code for the provided secret and time.
- `secret` - (String) A Base32 String.
- `currentTime` - (int) The current time in milliseconds.
- `length` - (int) The length of the resulting code.
- `interval` - (int) Refresh interval to get a new code.
- `algorithm` - (Algorithm) Hashing method.
- `isGoogle` - (bool) flag to turn off secret padding for Google Auth.
Returns an `int` code. Does not preserve leading zeros.
### OTP.generateTOTPCodeString(String secret, int currentTime, {int length: 6, int interval: 30, Algorithm algorithm: Algorithm.SHA256, bool isGoogle: false})
Generate a code for the provided secret and time.
- `secret` - (String) A Base32 String.
- `currentTime` - (int) The current time in milliseconds.
- `length` - (int) The length of the resulting code.
- `interval` - (int) Refresh interval to get a new code.
- `algorithm` - (Algorithm) Hashing method.
- `isGoogle` - (bool) flag to turn off secret padding for Google Auth.
Returns an `String` code. Preserves leading zeros.
### OTP.generateHOTPCode(String secret, int counter, {int length: 6})
Generate a code for the provided secret and time.
- `secret` - (String) A Base32 String.
- `counter` - (int) An int counter.
- `length` - (int) the length of the resulting code.
Returns an `int` code. Does not preserve leading zeros
### OTP.generateHOTPCodeString(String secret, int counter, {int length: 6})
Generate a code for the provided secret and time.
- `secret` - (String) A Base32 String.
- `counter` - (int) An int counter.
- `length` - (int) the length of the resulting code.
Returns an `String` code. Preserves leading zeros
### OTP.constantTimeVerification(final String code, final String othercode)
*!DISCLAIMER!*
I can only get this to be within 1 millisecond between different codes and same codes.
I have yet to get them to be equal. but 1 millisecond should be an OK room for error though.
Compares 2 codes in constant time to minimize risk of timing attacks.
- `code` - (String) A Base32 String.
- `othercode` - (String) A Base32 String.
Returns an `bool` if they match or not.
### OTP.remainingSeconds({int interval = 30})
This will return the remaining seconds based on the `lastUsedTime` variable, that is only set when using `generateTOTP*` functions.
- `interval` - (int) The interval you are using for your codes, defaults to the standard 30 seconds.
Returns an `int` of the remaining seconds.
## Testing
```
pub run test
```
## Release notes
See CHANGELOG.md