Generate one-time passwords(OTP)
This is compatible with apps available for Android and iPhone.
For that provide the secret key or an url in QR code for instance
HOTP RFC 4226
Create an HOTP
instance with our secret key encoded to base32(without pading ie. =)
$otp:=OTP.HOTP.new("JDDK4U6G3BJLEZ7Y") // base32 encoded key
Maintain a counter for a user, to change its value at each try.
You can verify the code according to a counter
$isAuth:=$otp.verify(654666; 1500)
You can get the code passing the current counter, to display it or send it by email or sms
$code:=$otp.at(1500)
$url:=$otp.provisioningUri("my app";$currentCounter)
TOTP RFC 6238
Create an TOTP
instance with our secret key encoded to base32(without pading ie. =)
$otp:=OTP.TOTP.new("JDDK4U6G3BJLEZ7Y")
TOTP allow to not manage a counter by using the current time stamp instead
You can verify the code with current timestamp
$isAuth:=$otp.verify(139664)
or a specific timestamp to test
$isAuth:=$otp.verify(139664;1301012137)
You can get the current code, to display it or send it by email or sms
$code:=$otp.now()
You can also get it for a specific time stamp
$code:=$o.at(1301012137)
$url:=$otp.provisioningUri("my app")
To encode to base 32 without padding (ie. =) you could use
OTP.Base32.instance.encode($aSecretKeyBlob)
OTP.Base32.instance.encodeText($aSecretKeyText)
Code from forum
Provide a QR Code with url provided by code
$url:=$otp.provisioningUri("mesopelagique") // otpauth://totp/mesopelagique?secret=JDDK4U6G3BJLEZ7Y
You could generate QR code using javascript or temporary for test using a website like https://www.qr-code-generator.com/, https://www.unitag.io/fr/qrcode, ...
ASSERT($opt.verify(Int(Request("code?")); "Code is not ok")
Due to time drift, time could be different across devices and server and sometimes a code verify could failed.
If you run a business and you’re using one of my projects in a revenue-generating product, it makes business sense to sponsor this open source development
Thank you for your support!