mirror of
https://github.com/Luzifer/nginx-sso.git
synced 2024-12-21 05:11:17 +00:00
71 lines
2.2 KiB
Go
71 lines
2.2 KiB
Go
|
/**
|
||
|
* Copyright 2014 Paul Querna
|
||
|
*
|
||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
* you may not use this file except in compliance with the License.
|
||
|
* You may obtain a copy of the License at
|
||
|
*
|
||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||
|
*
|
||
|
* Unless required by applicable law or agreed to in writing, software
|
||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
* See the License for the specific language governing permissions and
|
||
|
* limitations under the License.
|
||
|
*
|
||
|
*/
|
||
|
|
||
|
// Package otp implements both HOTP and TOTP based
|
||
|
// one time passcodes in a Google Authenticator compatible manner.
|
||
|
//
|
||
|
// When adding a TOTP for a user, you must store the "secret" value
|
||
|
// persistently. It is recommend to store the secret in an encrypted field in your
|
||
|
// datastore. Due to how TOTP works, it is not possible to store a hash
|
||
|
// for the secret value like you would a password.
|
||
|
//
|
||
|
// To enroll a user, you must first generate an OTP for them. Google
|
||
|
// Authenticator supports using a QR code as an enrollment method:
|
||
|
//
|
||
|
// import (
|
||
|
// "github.com/pquerna/otp/totp"
|
||
|
//
|
||
|
// "bytes"
|
||
|
// "image/png"
|
||
|
// )
|
||
|
//
|
||
|
// key, err := totp.Generate(totp.GenerateOpts{
|
||
|
// Issuer: "Example.com",
|
||
|
// AccountName: "alice@example.com",
|
||
|
// })
|
||
|
//
|
||
|
// // Convert TOTP key into a QR code encoded as a PNG image.
|
||
|
// var buf bytes.Buffer
|
||
|
// img, err := key.Image(200, 200)
|
||
|
// png.Encode(&buf, img)
|
||
|
//
|
||
|
// // display the QR code to the user.
|
||
|
// display(buf.Bytes())
|
||
|
//
|
||
|
// // Now Validate that the user's successfully added the passcode.
|
||
|
// passcode := promptForPasscode()
|
||
|
// valid := totp.Validate(passcode, key.Secret())
|
||
|
//
|
||
|
// if valid {
|
||
|
// // User successfully used their TOTP, save it to your backend!
|
||
|
// storeSecret("alice@example.com", key.Secret())
|
||
|
// }
|
||
|
//
|
||
|
// Validating a TOTP passcode is very easy, just prompt the user for a passcode
|
||
|
// and retrieve the associated user's previously stored secret.
|
||
|
// import "github.com/pquerna/otp/totp"
|
||
|
//
|
||
|
// passcode := promptForPasscode()
|
||
|
// secret := getSecret("alice@example.com")
|
||
|
//
|
||
|
// valid := totp.Validate(passcode, secret)
|
||
|
//
|
||
|
// if valid {
|
||
|
// // Success! continue login process.
|
||
|
// }
|
||
|
package otp
|