otp 2.2.3 otp: ^2.2.3 copied to clipboard
RFC6238 Time-Based One-Time Password / Google Authenticator Library
dart-otp #
RFC4226/RFC6238 One-Time Password / Google Authenticator Library
Features:
- Generate TOTP (RFC6238) and HOTP (RFC4226) codes.
- Annotated source code
Getting Started #
Pubspec #
pub.dartlang.org: (you can use 'any' instead of a version if you just want the latest always)
dependencies:
otp: 2.2.3
import 'package:otp/otp.dart';
Start generating tokens.
// Generate TOTP code. (String versin of function incase of leading 0)
OTP.generateTOTPCodeString("JBSWY3DPEHPK3PXP", 1362302550000); // -> '637305'
// Generate HOTP Code.
OTP.generateHOTPCodeString("JBSWY3DPEHPK3PXP", 7); // -> '346239'
API #
Notes #
This library does not support any other secret input other than Base32. It is what is used standard most places, and by Google Authenticator. If your secrets are not Base32 forms, please use my Base32 library (the one I use as a dependency for this library) or any other base32 library to encode your secret before passing it into the functions. All generate functions force decode of Base32.
Global Settings #
useTOTPPaddingForHOTP
(bool, default: false)
Uses the TOTP padding method for handling secrets bigger or smaller than the mandatory sizes for SHA256/SHA512.
This is needed as HOTP does not have an official method of using SHA256 or SHA512 in the RFC spec and most libraries don't pad HOTP for use with SHA256 or SHA512. (examples: otplib and speakeasy from Node.js)
If you enable this, it will use the same padding as TOTP (repeating the secret to the right length) but might cause incompatibilies with other libraries. I am defaulting to no padding, as this is the predominant behavior I am finding for HOTP.
OTP.generateTOTPCode(String secret, int currentTime, {int length: 6, int interval: 30, Algorithm algorithm: Algorithm.SHA1, bool isGoogle: true}) #
Generate a code for the provided secret and time.
secret
- (String) A Base32 String.currentTime
- (int) The current time in milliseconds.length
- (int) The length of the resulting code.interval
- (int) Refresh interval to get a new code.algorithm
- (Algorithm) Hashing method.isGoogle
- (bool) flag to turn off secret padding for Google Auth.
Returns an int
code. Does not preserve leading zeros.
OTP.generateTOTPCodeString(String secret, int currentTime, {int length: 6, int interval: 30, Algorithm algorithm: Algorithm.SHA1, bool isGoogle: true}) #
Generate a code for the provided secret and time.
secret
- (String) A Base32 String.currentTime
- (int) The current time in milliseconds.length
- (int) The length of the resulting code.interval
- (int) Refresh interval to get a new code.algorithm
- (Algorithm) Hashing method.isGoogle
- (bool) flag to turn off secret padding for Google Auth.
Returns an String
code. Preserves leading zeros.
OTP.generateHOTPCode(String secret, int counter, {int length: 6}) #
Generate a code for the provided secret and time.
secret
- (String) A Base32 String.counter
- (int) An int counter.length
- (int) the length of the resulting code.
Returns an int
code. Does not preserve leading zeros
OTP.generateHOTPCodeString(String secret, int counter, {int length: 6}) #
Generate a code for the provided secret and time.
secret
- (String) A Base32 String.counter
- (int) An int counter.length
- (int) the length of the resulting code.
Returns an String
code. Preserves leading zeros
OTP.constantTimeVerification(final String code, final String othercode) #
!DISCLAIMER! I can only get this to be within 1 millisecond between different codes and same codes. I have yet to get them to be equal. but 1 millisecond should be an OK room for error though.
Compares 2 codes in constant time to minimize risk of timing attacks.
code
- (String) A Base32 String.othercode
- (String) A Base32 String.
Returns an bool
if they match or not.
Testing #
pub run test
Release notes #
See CHANGELOG.md