jotp

OTP (One Time Password) utility in Java. To enable two-factor authentication (2FA) using HMAC-based) or Time-based algorithms.

License

License

GroupId

GroupId

com.amdelamar
ArtifactId

ArtifactId

jotp
Last Version

Last Version

1.3.0
Release Date

Release Date

Type

Type

pom.sha512
Description

Description

jotp
OTP (One Time Password) utility in Java. To enable two-factor authentication (2FA) using HMAC-based) or Time-based algorithms.
Project URL

Project URL

https://amdelamar.com/jotp/
Source Code Management

Source Code Management

https://github.com/amdelamar/jotp/

Download jotp

Dependencies

compile (1)

Group / Artifact Type Version
commons-codec : commons-codec jar 1.8

Project Modules

There are no modules declared in this project.

Jotp

Maven Central Javadoc Build Codecov

OTP (One Time Password) utility in Java. To enable two-factor authentication (2FA) using HMAC-based or Time-based algorithms.

Download

Maven:

<dependency>
    <groupId>com.amdelamar</groupId>
    <artifactId>jotp</artifactId>
    <version>1.3.0</version>
</dependency>

Gradle:

dependencies {
    compile 'com.amdelamar:jotp:1.3.0'
}

SBT:

libraryDependencies ++= Seq(
  "com.amdelamar" % "jotp" % "1.3.0"
)

Or Download the latest release.

Usage

import com.amdelamar.jotp.OTP;
import com.amdelamar.jotp.type.Type;

// Random secret Base32 with 20 bytes (160 bits) length
// (Use this to setup 2FA for new accounts).
String secret = OTP.randomBase32(20);
// Returns: IM4ZL3G5Q66KW4U7PMOQVXQQH3NGOCHQ

// Generate a Time-based OTP from the secret, using Unix-time
// rounded down to the nearest 30 seconds.
String hexTime = OTP.timeInHex(System.currentTimeMillis(), 30);
String code = OTP.create(secret, hexTime, 6, Type.TOTP);

Show the user the QR Code 1

Easiest way to do this is through Goolge APIs, but I plan to add a 'generateImage()' function soon.

QR Image Example https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl=otpauth://totp/Example:[email protected]?secret=IM4ZL3G5Q66KW4U7PMOQVXQQH3NGOCHQ&issuer=Example&algorithm=SHA1&digits=6&period=30

After user scans the image with their mobile app we can compare codes.

// Get User's input code for a login...
String userEnteredCode = "123456";

// Verify OTP
if(OTP.verify(secret, userEnteredCode, 6, Type.TOTP)) {
    // Code valid. Login successful.
}

Details

This code currently supports the standard HMAC-based (HOTP RFC 4226) and time-based (TOTP RFC 6238) algorithms for one-time passwords.

It was started as an easy way to enable 2-Factor Authentication for Java based web applications, but it can be applied to other Java applications as well.

Contribute

A project by Austin Delamar based off of Kamron Zafar's work and other contributors.

If you'd like to contribute, feel free to fork and make changes, then open a pull request to master branch.

License

Apache 2.0

1 QR code standard is trademarked by Denso Wave, Inc.

Versions

Version
1.3.0