Google authenticator api java

Google Authenticator Server side code

wstrange/GoogleAuth

GoogleAuth is a Java server library that implements the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.

This implementation borrows from Google Authenticator, whose C code has served as a reference, and was created upon code published in this blog post by Enrico M. Crisostomo.

This library is for any developer who wants to add TOTP multi-factor authentication to a Java application and needs the server-side code to create TOTP shared secrets and to generate and verify TOTP passwords.

Users may use TOTP-compliant token devices (such as those you get from your bank), or a software-based token application (such as Google Authenticator).

The minimum Java version required to build and use this library is Java 7.

Add a dependency to your build environment.

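```xml
<dependency>
  <groupId>com.warrenstrange</groupId>
  <artifactId>googleauth</artifactId>
  <version>1.4.0</version>
</dependency>
```

```groovy
compile 'com.warrenstrange:googleauth:1.4.0'
```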

The required libraries will be automatically pulled into your project:

Both the Google Authenticator client applications (available for iOS, Android and BlackBerry) and its PAM module can be used to generate codes to be validated by this library.

However, this library can also be used to build custom client applications if Google Authenticator is not available on your platform or if it cannot be used.

This library includes full JavaDoc documentation and a JUnit test suite that can be used as example code for most of the library purposes.

Texinfo documentation sources are also included and a PDF manual can be generated by an Autotools-generated Makefile:

  • To bootstrap the Autotools, the included autogen.sh script can be used.

Since typical users will not have a TeX distribution installed in their computers, the PDF manuals for every version of GoogleAuth are hosted at this address.

The following code creates a new set of credentials for a user. No user name is provided to the API, and it is the responsibility of the caller to save the returned credentials for later use during the authorisation phase.

```java
GoogleAuthenticator gAuth = new GoogleAuthenticator();
final GoogleAuthenticatorKey key = gAuth.createCredentials();
```

The user should be given the value of the shared secret, returned by

so that the new account can be configured into its token device. A convenience method is provided to easily encode the secret key and the account information into a QR code.

When a user wishes to log in, he will provide the TOTP password generated by his device. By default, a TOTP password is a 6 digit integer that changes every 30 seconds. Both the password length and its validity can be changed. However, many token devices such as Google Authenticator use the default values specified by the TOTP standard and they do not allow for any customization.

The following code checks the validity of the specified password against the provided Base32-encoded secretKey:

```java
GoogleAuthenticator gAuth = new GoogleAuthenticator();
boolean isCodeValid = gAuth.authorize(secretKey, password);
```

Since TOTP passwords are time-based, it is essential that the clocks of both the server and the client are synchronised within the tolerance used by the library. The tolerance is set by default to a window of size 3 and can be overridden when configuring a GoogleAuthenticator instance.

This library can generate TOTP codes for testing or for use as a software-based client.

```java
GoogleAuthenticator gAuth = new GoogleAuthenticator();
int code = gAuth.getTotpPassword(secretKey);
```

The codes generated in this way can be used as an alternative to the codes that would be generated by the Google Authenticator App (or other client device).
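The effect of the window size on clock-drift tolerance, as an added example that is not part of the library's README: a verifier is built with window sizes 1, 3 and 7 and checked against codes generated for clocks up to three 30-second steps off. The class name, the helper method and the chosen window sizes are assumptions made for illustration.

```java
import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder;
import java.util.concurrent.TimeUnit;

public class WindowToleranceDemo {
    // Default TOTP time step: 30 seconds.
    static final long STEP_MS = TimeUnit.SECONDS.toMillis(30);

    // Lists the client clock offsets (in time steps) that a verifier
    // configured with the given window size still accepts.
    static String acceptedDrifts(int windowSize, String secret, long serverTime) {
        GoogleAuthenticator verifier = new GoogleAuthenticator(
                new GoogleAuthenticatorConfigBuilder()
                        .setTimeStepSizeInMillis(STEP_MS)
                        .setWindowSize(windowSize)
                        .build());
        GoogleAuthenticator client = new GoogleAuthenticator();

        StringBuilder accepted = new StringBuilder();
        for (int drift = -3; drift <= 3; drift++) {
            // Code the client would show if its clock were 'drift' steps off.
            int code = client.getTotpPassword(secret, serverTime + drift * STEP_MS);
            if (verifier.authorize(secret, code, serverTime)) {
                accepted.append(drift).append(' ');
            }
        }
        return accepted.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed sample secret, generated fresh on every run.
        String secret = new GoogleAuthenticator().createCredentials().getKey();
        long now = System.currentTimeMillis();
        for (int window : new int[] {1, 3, 7}) {
            System.out.println("window " + window + " accepts drift steps: "
                    + acceptedDrifts(window, secret, now));
        }
    }
}
```

A larger window tolerates more clock drift but also lengthens the time during which an intercepted code remains valid, so keep it as small as your clients' clocks allow.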

By default 5 scratch codes are generated together with a new shared secret. Scratch codes are meant to be a safety net in case a user loses access to their token device. Scratch codes are not a functionality required by the TOTP standard and it is up to the developer to decide whether they should be used in his application.

The library can assist with fetching and storing user credentials and a hook is provided to users who want to integrate this functionality. The ICredentialRepository interface defines the contract between a credential repository and this library.

The credential repository can be set in multiple ways:

  • The credential repository can be set on a per-instance basis, using the credentialRepository property of the IGoogleAuthenticator interface.
  • The library looks for instances of this interface using the Java ServiceLoader API (introduced in Java 6), that is, scanning the META-INF/services package looking for a file named com.warrenstrange.googleauth.ICredentialRepository and, if found, loading the provider classes listed therein.

Two methods need to be implemented in the ICredentialRepository interface.

The credentials repository establishes the relationship between a user name and its credentials. This way, API methods receiving only a user name instead of credentials can be used.

The following code creates a new set of credentials for the user Bob and stores them on the configured ICredentialRepository instance:

```java
GoogleAuthenticator gAuth = new GoogleAuthenticator();
final GoogleAuthenticatorKey key = gAuth.createCredentials("Bob");
```

The following code checks the validity of the specified code against the secret key of the user Bob returned by the configured ICredentialRepository instance:

```java
GoogleAuthenticator gAuth = new GoogleAuthenticator();
boolean isCodeValid = gAuth.authorizeUser("Bob", code);
```

If an attempt is made to use such methods when no credential repository is configured, an exception is thrown:

java.lang.UnsupportedOperationException: An instance of the com.warrenstrange.googleauth.ICredentialRepository service must be configured in order to use this feature. 
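A credential repository set on a per-instance basis, as an added example that is not code from the library or its README. The in-memory store, the class names and the `login` wrapper are hypothetical; the wrapper also refuses a second use of an accepted code, which RFC 6238 requires of verifiers and which is added here rather than provided by the calls shown above.

```java
import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
import com.warrenstrange.googleauth.ICredentialRepository;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class RepositoryDemo {
    // Hypothetical in-memory store; production code would persist secrets encrypted at rest.
    static class InMemoryRepository implements ICredentialRepository {
        private final Map<String, String> secrets = new ConcurrentHashMap<>();
        private final Map<String, List<Integer>> scratchCodes = new ConcurrentHashMap<>();

        @Override
        public String getSecretKey(String userName) {
            return secrets.get(userName);
        }

        @Override
        public void saveUserCredentials(String userName, String secretKey,
                                        int validationCode, List<Integer> codes) {
            secrets.put(userName, secretKey);
            scratchCodes.put(userName, codes);
        }
    }

    private final GoogleAuthenticator gAuth = new GoogleAuthenticator();
    // Last code accepted per user, used to refuse a second use of the same code.
    private final Map<String, Integer> lastAccepted = new ConcurrentHashMap<>();

    RepositoryDemo(ICredentialRepository repository) {
        gAuth.setCredentialRepository(repository);
    }

    // Replay guard added for this example; it is not a feature of the library.
    boolean login(String userName, int code) {
        if (!gAuth.authorizeUser(userName, code)) return false;
        Integer previous = lastAccepted.put(userName, code); // atomic swap
        return previous == null || previous != code;
    }

    public static void main(String[] args) {
        RepositoryDemo demo = new RepositoryDemo(new InMemoryRepository());
        GoogleAuthenticatorKey key = demo.gAuth.createCredentials("Bob");
        int code = demo.gAuth.getTotpPassword(key.getKey());
        System.out.println("first use accepted: " + demo.login("Bob", code));
        System.out.println("replay accepted:    " + demo.login("Bob", code));
    }
}
```

In a deployment with more than one server, the record of accepted codes has to live in shared storage, and failed attempts should be rate-limited per user.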

Please read the manual before opening a ticket. If you have read the manual and you still think the behaviour you are observing is a bug, then open a ticket on GitHub.

Copyright (c) 2013 Warren Strange

Copyright (c) 2014-2019 Enrico M. Crisostomo

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

oril-software/2fa-google-authenticator-java

Two-Factor Authentication with Google Authenticator App using JAVA

Two-Factor Authentication (TFA or 2FA) is a second step in the login sequence that asks you to enter a 6-digit code sent to you by email, text message or the Google Authenticator app; this code expires in 30 or 60 seconds. This second step of authentication makes your account more secure because, even if someone knows your login and password, they still need your physical mobile device to see the 2FA code sent to you.

This code example demonstrates how to use TFA with Google Authenticator App.

  1. Install Google Authenticator app on your mobile phone.
  2. Run the MainApplication.class in your IDE.
  3. You should see the generated ‘QRCode.png’ image in your project root folder.
  4. Now open your Google Authenticator app. Press ‘plus’ button to add a new entry and select ‘Scan Barcode’.
  5. Open the generated ‘QRCode.png’ image and scan it.
  6. After scanning this QR code you should see a new entry in the Google Authenticator entry list with a 6-digit code being regenerated every 30 seconds.
  7. In the project console that is still running you can see the text Please enter 2fA code here -> . Enter the 6-digit code from your Google Authenticator App.

If you did everything correctly then after entering 2fa code to the console you should see the following text message:

Or if 2FA code is already expired or invalid:

To generate a new secret key, for example one for each user, use the generateSecretKey() method from Utils.class.

The height and width of the QR image can be changed by passing them to the Utils.createQRCode() method.

The email and company name (which can be any strings) can also be changed in order to display a different name for each user in their Google Authenticator entry list.

  • Please send us your suggestions on how we make this code even more useful for the development community or contribute to this repo!
  • Check out our blog article with more details!
