A fast and easy-to-use time-based one-time password (TOTP) authentication package for your Flutter application. It is compatible with Google Authenticator, 1Password, LastPass, Microsoft Authenticator and various other authenticator apps.

Auth TOTP Banner

Get Started

Create Secret Key

🔑 This method generates a random secret key, which is used to create verify codes from authentication apps.

String secret = AuthTOTP.createSecret(
    length: 16,
    autoPadding: true,
    secretKeyStyle: SecretKeyStyle.upperLowerCase
);

//output :  xHu6 nh7I D8uI s9B1
  • length : The length of the secret to generate. Must be between 16 and 255, Default is 32.

  • autoPadding : If true, it will create a secret with a letter by 4 sections, Default is false.

  • secretKeyStyle : SecretKeyStyle is used to set the case of the secret key. Default is upperCase.

    • enum SecretKeyStyle
      • upperCase : Secret key will be upper case
      • lowerCase : Secret key will be lower case
      • upperLowerCase : Secret key will be upper and lower both case

This method accepts a single parameter to specify the length of the secret key. By default, it generates a 32-character secret key. The length limit is between 16 to 255 characters.

Verify TOTP Code

✔️ This method verifies a Time-based One-Time Password (TOTP) code using the secret key and the TOTP code generated by your authenticator app.

Use this method after the user has scanned a QR code or entered the secret key into the authentication app. The same secret key generated by createSecret and the TOTP code generated by the authenticator app should be passed here to verify.

bool checkOTP = AuthTOTP.verifyCode({
    secretKey: "secret_key_here",
    totpCode: "totp_code_here_by_user",
    interval: 30
});
  • secretKey: A secret key generate by createSecret method
  • totpCode: The TOTP code entered by the user.
  • interval: Time interval in seconds, default is 30

It will return true if code is correct, otherwise false.

Generate TOTP Code

🚀 This method generates a TOTP code based on the secret key and the time interval. The time interval is specified in seconds.

String generatedTOTPCode = AuthTOTP.generateTOTPCode(
    secretKey: 'secret_key_here',
    interval: 30
);
  • secretKey: A secret key generate by createSecret method
  • interval: Time interval in seconds, ex. 30

As well as you can use this method to verify TOTP code also.

Example Code:-

String generatedTOTPCode = AuthTOTP.generateTOTPCode(
    secretKey: 'secret_key_here',
    interval: 30
);

String inputedOTP = "otp_inputed_by_user";

if(generatedTOTPCode === inputedOTP){
    print("Verified")
} else {
    print("Not Verified")
}

Get QR Code to Scan

📸 This method returns a QR code URL to scan with your authenticator app. It can be used in Image.Network()

String qrCodeUrl =  AuthTOTP.getQRCodeUrl({
    appName: "your app name"
    secretKey: "secret_key_here",
    issuer:"auth_totp"
});

//Image.Network(qrCodeUrl);
  • appName: App name, or any text
  • secretKey: A secret key generate by createSecret method
  • issuer: Issuer name, default is auth_totp

Tested Authenticator Services

🔐

Logo Service Name Status
Google Authenticator
1Password
LastPass
Microsoft Authenticator

Absolutely, it works with all authenticator apps. But feel free to contribute if you have tested it with any other authenticator app.

Full Example

👉 For a complete example, refer to the Auth TOTP package documentation.

Report bugs or issues

🐛 You are welcome to open a ticket on github if any 🐞 problems arise. New ideas are always welcome.

Copyright © 2024 Rohit Chouhan. Licensed under the MIT LICENSE

Libraries

auth_totp