Open source two-factor authentication for Android

Overview

andOTP - Android OTP Authenticator

Build Status Current release Crowdin Chat - Telegram Chat - Matrix

andOTP

andOTP is a two-factor authentication App for Android 5.1+.

It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code.

This project started out as a fork of the great OTP Authenticator app written by Bruno Bierbaumer, which has sadly been inactive since 2015. By now almost every aspect of the app has been changed/re-written so the fork status of the Github repository got detached upon user request. But all credit for the original version and for starting this project still goes to Bruno!

Help wanted:

I currently don't have that much time to spend developing andOTP, so any contributions are always welcome. Don't worry, I will still continue to develop andOTP it will just slow down from the incredible speed I had going in the beginning.

Features:

  • Free and Open-Source
  • Requires minimal permissions
    • Camera access for QR code scanning
    • Storage access for import and export of the database
  • Encrypted storage with two backends:
    • Android KeyStore
    • Password / PIN
  • Multiple backup options:
    • Plain-text
    • Password-protected
    • OpenPGP-encrypted
  • Sleek minimalistic Material Design with three different themes:
    • Light
    • Dark
    • Black (for OLED screens)
  • Great Usability
  • Compatible with Google Authenticator
  • Supported algorithms:
    • TOTP (Time-based One-time Passwords) as specified in RFC 6238
    • HOTP (HMAC-based One-time Passwords) as specified in RFC 4226

Backups:

To keep your account information as secure as possible andOTP only stores it in encrypted data files. A part of the encryption key used for that is stored in the Android KeyStore system. The advantage of this approach is that the key is kept separate from the apps data and, as a bonus, can be backed by hardware cryptography (if your device supports this).

However, due to that separation, backups with 3rd-party apps like Titanium Backup can not be used with andOTP. Such apps only backup the encrypted data files and not the encryption key, which renders them useless.

Please only use the internal backup functions provided by andOTP to backup your accounts! Everything else WILL result in data loss.

Opening the backups on your PC:

  • OpenPGP: OpenPGP can be used to easily decrypt the OpenPGP-encrypted backups on your PC.
  • WebDecrypt: JavaScript-based decryption of the new password-protected backup format in the browser (source code).
  • andOTP-decrypt: Python script written by @asmw to decrypt the old and new password-protected backup format on your PC.
  • mac2fa: Electron app for macOS that lives in your system tray and generates OTPs from an encrypted backup file.
  • go-andotp: CLI Program written in go to encrypt/decrypt andOTP files on your PC. Decrypted files can be encrypted and imported back to andOTP.

Automatic backups:

  • BroadcastReceivers: AndOTP supports a number of broadcasts to perform automated backups, eg. via Tasker. These will get saved to the defined backup directory. These only work when KeyStore is used as the encryption mechanism
    • org.shadowice.flocke.andotp.broadcast.PLAIN_TEXT_BACKUP: Perform a plain text backup. WARNING: This will save your 2FA tokens onto the disk in an unencrypted manner!
    • org.shadowice.flocke.andotp.broadcast.ENCRYPTED_BACKUP: Perform an encrypted backup of your 2FA database using the selected password in settings.

Migration:

Check out this wiki page to learn about the different ways to migrate to andOTP from other 2FA apps.

Downloads:

Get it on Google Play Get it on F-Droid Get it on GitHub

Warning: All three versions (Google Play, F-Droid and the APKs) are not compatible (not signed by the same key)! You will have to uninstall one to install the other, which will delete all your data. So make sure you have a current backup before switching!

Contribute:

  • Translation: If you want to help translate andOTP into your language head over to the Crowdin project.
  • Bug reports and feature requests: You can report bugs and request features in the Issue tracker on GitHub.
  • Requesting thumbnails: If you are missing a thumbnail you can request it by opening a thumbnail request.
  • Discussion and support:
    • XDA thread (please keep off-topic to a minimum)
    • Telegram group @andOTP (if you just want important updates you can mute the group so you only get notified about pinned messages)
    • Matrix channel #andOTP:tchncs.de

Donations:

If you want to show your appreciation for our work with a small donation you can do so using the following links:

Screenshots:

Light theme:

Main Activity Settings Activity Backup Activity

Dark theme:

Main Activity Settings Activity Backup Activity

Black theme:

Main Activity Settings Activity Backup Activity

Acknowledgments:

Open-source components used:

Code examples used:

Previously used open-source components:

Previously used code examples:

License:

Copyright (C) 2017-2020 Jakob Nixdorf <[email protected]>
Copyright (C) 2015 Bruno Bierbaumer

Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in the
Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
OR OTHER DEALINGS IN THE SOFTWARE.
Comments
  • All tokens are lost after leaving the app

    All tokens are lost after leaving the app

    Password-based encryption:

    This issue is the result of an upstream bug in certain custom ROMs. Since version 0.4.0 everyone facing this problem can switch the database encryption to the new password-based encryption in the Settings, which SHOULD solve it.

    Help wanted:

    Could everyone facing this problem please tell me those things:

    • Model of your phone
    • Which ROM are you using (exact version please)
    • Which Gapps are you using (as well with the exact version)
    • Which method are you using to lock your phone (PIN, Pattern, Swipe, Facelock, Fingerprint, ...)

    You can add those information directly to the wiki or post them here.

    Original issue

    Since the last update all my tokens are gone if i restart the app (or even if it it just moved to the background).

    Steps to reproduce

    1.) add new token via QR-Code scan -> token is listed in the app 2.) go to homescreen 3.) switch to app again

    Expected Behaviour

    added token is still there

    Actual Behaviour

    no token listed

    App Version: 0.2.3 (Play Store) Android Version: 5.0 Device: BQ Aquaris E4.5

    bug help wanted upstream KeyStore 
    opened by Marmo 183
  • [Testing] Password-based encryption

    [Testing] Password-based encryption

    Please report all bugs encountered in the test version for password-based encryption here! Provide a detailed description of how you encountered/reproduced the bug and a logcat!

    Download of the test version:

    • v6 (current, beta): https://cloud.shadowice.org/s/a5RE3UovB6BuFjf
    • v5 (beta): https://cloud.shadowice.org/s/y1Ckm2Ar5ewGBEk
    • v4 (beta): https://cloud.shadowice.org/s/0vdIcBNKBA6wZ4n
    • v3 (beta): https://cloud.shadowice.org/s/0keZJG5jzBIG4st
    • v2 (alpha): https://cloud.shadowice.org/s/Ek6dxFqOyg60nYh
    • v1 (pre-pre-pre-alpha) https://cloud.shadowice.org/s/32vZoc5Qojd53OE

    You will have to uninstall previous versions from F-Droid or Google Play before installing the test version.

    bug enhancement help wanted 
    opened by flocke 75
  • [Question] Which icons should be included in andOTP?

    [Question] Which icons should be included in andOTP?

    Hey guys, it's time to ask for your opinion again.

    @RichyHBM is currently in the process of implementing the ability to assign icons to the entries in andOTP (see #14).

    We decided not to implement an option to manually select icons as this would make storage and backups very large and a lot more complicated. Instead we will be shipping a selection of pre-defined icons with andOTP which can be selected. For that reason we wanted to know:

    Which icons do you want to see shipped with andOTP?

    If you want to help even more please link an icon with your suggestion so I don't have to search every single one myself. Please only use icons that are available as vector graphics, everything else will increase the size of andOTP to much. You can head over to this Github repository to find a large collection of vector icons (searchable website here).

    I will try to collect the suggestions periodically in this first post to give a quick overview. Icons I added to this post will be crossed out of the original post suggesting them.

    Icons to be included

    Icon | License | Comment | Included ----- | ---------- | ------------- | ----------- Amazon | | | ✅ AngelList | CC0-1.0 | | ✅ Apple | CC0-1.0 | | ✅ BattleNet / Blizzard | | | ✅ Bitbucket | CC0-1.0 | | ✅ Bitcoin | CC0-1.0 | | ✅ Bitstamp | | | 🔶 (no vector) Bitwarden | | | 🔶 (no vector) Cloudflare | CC0-1.0 | | ✅ Coinbase | | | ✅ Cozycloud | | to large | ✅ Digital Ocean | CC0-1.0 | | ✅ Discord | CC0-1.0 | | ✅ Dropbox | CC0-1.0 | | ✅ Facebook | CC0-1.0 | | ✅ Git | CC0-1.0 | generic | ✅ Github | CC0-1.0 | | ✅ GitLab | CC0-1.0 | | ✅ Google | CC0-1.0 | | ✅ IFTTT | CC0-1.0 | | ✅ Kickstarter | CC0-1.0 | | ✅ LastPass | | | ✅ Mailgun | CC0-1.0 | | ✅ Mastodon | | too large | ✅ Microsoft| CC0-1.0 | only the icon | ✅ Origin | | | ✅ Nextcloud | | | ✅ Paypal | CC0-1.0 | | ✅ Protonmail | | too large | ✅ RSS-Feeds | | | ✅ Slack | CC0-1.0 | | ✅ Steam | CC0-1.0 | | ✅ Stripe | CC0-1.0 | | ✅ Twitch | CC0-1.0 | | ✅ Twitter | CC0-1.0 | | ✅ WordPress | CC0-1.0 | | ✅

    Icons without image (yet)

    • ArenaNet
    • Hurricane Electric
    • Teamviewer
    • Ubisoft
    help wanted question 
    opened by flocke 60
  • andOTP generating invalid codes

    andOTP generating invalid codes

    General information

    • App version: 0.6.1
    • App source: F-Droid but I have also tried with the Google Play version
    • Android Version: 4.4.2
    • Custom ROM: No

    Expected result

    What is expected? The code is accepted by the service and 2FA enabled What does happen instead? Every service gives a similar error message: "Invalid code" or, in GitHub's case, "Two-factor code verification failed. Please try again."

    Logcat

    https://pastebin.com/d3VPLBZq
    

    Captured on Linux with adb logcat | grep -i "org.shadowice.flocke.andotp"

    Steps to reproduce

    • Create a new (or reuse an existing) account with services that offer 2FA TOTP
    • Scan the QR code or manually input the secret
    • Use the code provided by andOTP to enable 2FA

    I have also already manually setting my timezone and time on both the phone and the computer to no avail. I have also looked at #269

    bug 
    opened by ghost 38
  • Removed from the Google Play Store

    Removed from the Google Play Store

    andOTP was recently removed from the Google Play Store for violating their payment terms. This is most likely due to the fact that we offer in-app donation links that DO NOT use Googles In-App billing, which is against their terms.

    As a first step to get it back on Google Play I will try to provide a build flavor without donation links. The second step would be to (maybe) include Google Play In-App billing in that flavor, but I'm not sure I want to do that.

    Please share your opinions on this!

    help wanted question 
    opened by flocke 32
  • Have an icon or picture for each entry

    Have an icon or picture for each entry

    In order to quickly select the right entry or simply view the associated OTP in a faster way it would be nice to have a user selectable little icon/picture for each line.

    enhancement 
    opened by alphazo 28
  • Consider using an upstream icon package

    Consider using an upstream icon package

    Idea reposted from Telegram. Please feel free to edit this issue's title/description.

    Preparing and optimising icons doesn't really have much to do with TOTP. If possible, it might be a good idea to investigate outsourcing the icon maintenance to a third party.

    There are several interesting icon projects around, one nice example is SuperTinyIcons: https://github.com/edent/SuperTinyIcons

    This solves two problems:

    • You can just close tickets about icons and redirect people upstream. Resolves maintenance issues like existing icon consistency: https://github.com/andOTP/andOTP/issues/365
    • If the icon package is kept updated and new versions are pulled into andOTP regularly for releases then people will continue to get new icons available in the core without having to use custom icons.
    enhancement thumbnail 
    opened by xM8WVqaG 22
  • Fingerprint doesn't unlock the app

    Fingerprint doesn't unlock the app

    General information

    • App version: 0.6.1
    • App source: Google Play
    • Android Version: 9
    • Custom ROM: No

    Expected result

    What is expected? That I'm prompted for fingerprint first when selecting Device Credentials and if that fails I'm optionally asked for a PIN.

    What does happen instead? Both the PIN keypad and the fingerprint icon appear, scanning the fingerpint has no effect and I always have to enter the PIN

    Steps to reproduce

    • Install the app
    • Switch encryption to Android KeyStore
    • Switch authentication to device credentials
    • Launch the app
    maybe more information required KeyStore 
    opened by TaaviE 22
  • Fails to add entry via QR-Code

    Fails to add entry via QR-Code

    General information

    • App version: 0.5.0.1 & 0.6.0-beta2
    • App source: F-Droid
    • Android Version: 7.1.2
    • Custom ROM: ResurrectionRemix v5.8.5

    Expected result

    What is expected? The app fails to add a new entry via scanning the qr-code. I've added all my previous entries on version 0.4.x without any problem. My os has not changed since then, so i assume its some internal problem.

    After scanning the qr-code the error "Verschlüsselungsschlüssel nicht geladen (encryption key was not loaded)" is displayed. However I can add new entries if I configure them manually, so there seems to be no problem with encrypting the database.

    What I tried so far

    • Reset the cache
    • Clear the KeyStore

    LogCat

    Im not that familiar with android debugging, so here a excessive Log. https://pastebin.com/5419mBKB

    bug help wanted more information required 
    opened by Masgalor 21
  • Language switcher doesn't work

    Language switcher doesn't work

    So I noticed that when I switch languages from the settings page, the screen of andOTP flashes but yet nothing happens, the language still remains in English, it just doesn't switch! Could this be a bug or what? Am quite confused 😕 because I noticed the strings for other languages exist in the source of andOTP but it doesn't work within the app, why?

    bug 
    opened by enwokoma 21
  • Save button should be always disabled until a secret key is entered

    Save button should be always disabled until a secret key is entered

    When I try to mess around with the app by clicking on Save without actually inputting the secret key, the app just crashes and trying to restart the app, it keeps crashing on startup, so only option is to clear the app's data which shouldn't be so, I think it's rather better to maybe disable the save button when the edittext fields are still empty so as to prevent the crash from happening for people that might click save button by mistake!

    opened by enwokoma 19
  • [Thumbnail] Team Password Manager

    [Thumbnail] Team Password Manager

    Name: Team Password Manager Website: https://teampasswordmanager.com/ Link to SVG or EPS image: logo team-password-manager traced export (I traced/recreated this from their ~60px bitmap logo, as I couldn't find vector graphics anywhere — so it is far from an official version.)

    enhancement thumbnail 
    opened by sudo42 0
  • Unable to create GPG backups since some versions

    Unable to create GPG backups since some versions

    Links to: https://github.com/andOTP/andOTP/issues/995

    General information

    • App version: 0.9.0.1-play
    • App source: Google Play
    • Android Version: 12
    • Custom ROM: No (MIUI 13.0.3 Stable)

    Expected result

    Allow me to click the backup button and the modal will ask me the key to use

    ℹ️ It was working in previous versions, I have backups since august of 2019 until august of 2021. Not clear when it started to be broken. I appears I started doing AES backups instead in march of 2022.

    What does happen instead?

    No modal, unable to click on backup button. It says I have selected not provider.

    Steps to reproduce

    Steps:

    • Install OpenKeychain
    • Load a key in the OpenKeychain app
    • Go to the andOTP app
    • Select OpenKeychain as a provider
    • Suspicious bug number 1: in the menu it says that a key was selected (impossible because the provider was just set)
    • Go to backup
    • Selected GPG
    • It says that I must select a provider in settings

    If you want to be allowed to created a buggy backup then after selecting a provider follow https://github.com/andOTP/andOTP/issues/995 and just add some text in the key email setting

    new issue 
    opened by williamdes 0
  • Empty GPG backup file

    Empty GPG backup file

    General information

    • App version: 0.9.0.1-play
    • App source: Google Play
    • Android Version: 12
    • Custom ROM: No (MIUI 13.0.3 Stable)

    Expected result

    Create a GPG backup file that is not empty

    What does happen instead?

    It creates an empty backup file making the user think it did work (how dangerous !)

    Steps to reproduce

    Steps:

    • Install OpenKeychain
    • Load a key in the OpenKeychain app
    • Set a non valid email for the a key in the OpenKeychain app
    • Backup and see that the file is empty
    • Set a valid email
    • Backup and see that the file is also empty
    new issue 
    opened by williamdes 0
  • Tag counters

    Tag counters

    Is your feature request related to a problem? Please describe. No

    Describe the solution you'd like To be able to view a the number of tokens associated with each tag in the tags drawer, such as putting the count in parenthesis in the list of tags e.g. "Some Tag (4)"

    Describe alternatives you've considered None

    Additional context I made a test implementation on my own branch here: https://github.com/ian-collier-osu/andOTP/tree/a4. However I'm not sure creating a new object for Tags is the best way to work around having no tag database entity.

    enhancement help wanted good first issue 
    opened by ian-collier-osu 0
  • [Thumbnail] MyAnimeList

    [Thumbnail] MyAnimeList

    Name: MyAnimeList Website: https://myanimelist.net/ Link to SVG or EPS image: https://drive.google.com/file/d/1pn1Y0Egn_aGdgPnJRLFDZcNzkwdsvZLe/view?usp=sharing

    I could not find any official SVG/EPS image. The image linked is manually traced from here using Inkscape.

    enhancement thumbnail 
    opened by samiksome92 2
Releases(v0.9.0.1)
  • v0.9.0.1(Jun 15, 2021)

  • v0.9.0(Jun 6, 2021)

    • New feature: Option to focus search on start (Issue #654,PR #658 by @mchllngr)
    • New feature: Option to disable Android sync (Google Drive backup) during initial setup (Issue #620, PR #622 by @RichyHBM)
    • New feature: Option to automatically unlock the app after the credentials have been auto-filled (PR #657 by @mchllngr)
    • New feature: Option to globally hide the issuer (Issue #678, PR #758 by @Ullas-Aithal)
    • New feature: Option for multi-line labels (Issue #699)
    • New feature: Automatic theme selection for Android 10+ (Issue #394, PR #418 by @Ullas-Aithal)
    • New feature: Allow editing digits, period and counter for existing entries (Issue #694)
    • New feature: mOTP support (Issue #142, PR #617 by @mantinan)
    • New feature: Show a warning if the automatic time setting is disable on the phone (Issue #285 and #777)
    • New feature: Share OTP token as keystrokes (PR #693 by @DanielWeigl)
    • New feature: Option to show previous token (Issue #506)
    • Improvement: Perform authentication in the background to improve responsiveness (Issue #635, PR #738 by @jsoberg)
    • Improvement: Backups are now performed in background tasks to improve responsiveness and work around problems with some storage providers (e.g. Nextcloud)
    • Improvement: Show simple instructions and hide the timeout bar if there are no accounts (Issue #745 and #746, PR #747 by @Ullas-Aithal)
    • Improvement: Pressing ENTER on a physical keyboard now finishes certain tasks (Issue #590, PR #661 by @mchllngr)
    • Improvement: Use a font with slashed zero for the account secrets (Issue #665, PR #772 by @Ullas-Aithal)
    • Improvement: Auto-select the thumbnail if the name appears as part of the issuer (Issue #685, PR #687 by @mavit)
    • Improvement: Force a minimum password length for backups (Issue #770, PR #771 by @Ullas-Aithal)
    • Improvement: Automatically update the thumbnail when changing the issuer of an entry (Issue #553)
    • Improvement: Try harder to decode QR codes from images (Issue #790, PR #792 by @ziegenberg)
    • Improvement: Perform a short benchmark to determine the iterations to use for unlocking the database (Issue #778)
    • Bugfix: Switch keyboard when changing auth type during setup (Issue #740, PR #741 by @jsoberg)
    • Bugfix: Show correct message on password mismatch during setup (PR #774 by @brainynai)
    • Bugfix: Validate password before saving settings during setup to avoid empty passwords (Issue #593)
    • Bugfix: Fix scanning QR codes on Android 11+ (Issue #806, PR #807 by @ziegenberg)
    • Bugfix: Fix OpenKeychain detection on Android 11+ (Issue #825)
    • Bugfix: Don't require authentication after attaching a physical keyboard (Issue #592)
    • Bugfix: Fix crash during thumbnail selection with empty issuer
    • Internal: Performance and stability improvements for the main token list (fixes #346 as well)
    • Internal: Upgrade Gradle, build tools and dependencies
    • Internal: Perform key-generation during setup in a background task
    • Internal: Perform credentials change in the settings in a background task
    • Internal: Perform encryption change in the settings in a background task
    • Internal: Use our own NumberPickerPreference class
    • Thumbnails: LOTS of new thumbnails (thanks to all contributors)
    • Translations: Indonesian, Serbian and Slovak (thanks to all contributors on Crowdin)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.9.0.apk(7.03 MB)
  • v0.9.0-beta2(May 6, 2021)

    • Bugfix: Fix scanning QR codes on Android 11+ (Issue #806, PR #807 by @ziegenberg)
    • Bugfix: Fix OpenKeychain detection on Android 11+ (Issue #825)
    • Bugfix: Don't require authentication after attaching a physical keyboard (Issue #592)
    • Bugfix: Fix crash during thumbnail selection with empty issuer
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.9.0-beta2.apk(6.87 MB)
  • v0.9.0-beta1(Apr 8, 2021)

    • New feature: Option to focus search on start (Issue #654,PR #658 by @mchllngr)
    • New feature: Option to disable Android sync (Google Drive backup) during initial setup (Issue #620, PR #622 by @RichyHBM)
    • New feature: Option to automatically unlock the app after the credentials have been auto-filled (PR #657 by @mchllngr)
    • New feature: Option to globally hide the issuer (Issue #678, PR #758 by @Ullas-Aithal)
    • New feature: Option for multi-line labels (Issue #699)
    • New feature: Automatic theme selection for Android 10+ (Issue #394, PR #418 by @Ullas-Aithal)
    • New feature: Allow editing digits, period and counter for existing entries (Issue #694)
    • New feature: mOTP support (Issue #142, PR #617 by @mantinan)
    • New feature: Show a warning if the automatic time setting is disable on the phone (Issue #285 and #777)
    • New feature: Share OTP token as keystrokes (PR #693 by @DanielWeigl)
    • New feature: Option to show previous token (Issue #506)
    • Improvement: Perform authentication in the background to improve responsiveness (Issue #635, PR #738 by @jsoberg)
    • Improvement: Backups are now performed in background tasks to improve responsiveness and work around problems with some storage providers (e.g. Nextcloud)
    • Improvement: Show simple instructions and hide the timeout bar if there are no accounts (Issue #745 and #746, PR #747 by @Ullas-Aithal)
    • Improvement: Pressing ENTER on a physical keyboard now finishes certain tasks (Issue #590, PR #661 by @mchllngr)
    • Improvement: Use a font with slashed zero for the account secrets (Issue #665, PR #772 by @Ullas-Aithal)
    • Improvement: Auto-select the thumbnail if the name appears as part of the issuer (Issue #685, PR #687 by @mavit)
    • Improvement: Force a minimum password length for backups (Issue #770, PR #771 by @Ullas-Aithal)
    • Improvement: Automatically update the thumbnail when changing the issuer of an entry (Issue #553)
    • Improvement: Try harder to decode QR codes from images (Issue #790, PR #792 by @ziegenberg)
    • Improvement: Perform a short benchmark to determine the iterations to use for unlocking the database (Issue #778)
    • Bugfix: Switch keyboard when changing auth type during setup (Issue #740, PR #741 by @jsoberg)
    • Bugfix: Show correct message on password mismatch during setup (PR #774 by @brainynai)
    • Bugfix: Validate password before saving settings during setup to avoid empty passwords (Issue #593)
    • Internal: Performance and stability improvements for the main token list (fixes #346 as well)
    • Internal: Upgrade Gradle, build tools and dependencies
    • Internal: Perform key-generation during setup in a background task
    • Internal: Perform credentials change in the settings in a background task
    • Internal: Perform encryption change in the settings in a background task
    • Internal: Use our own NumberPickerPreference class
    • Thumbnails: LOTS of new thumbnails (thanks to all contributors)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.9.0-beta1.apk(6.88 MB)
  • v0.8.0(Oct 28, 2020)

    • New feature: Storage Access Framework (remove all manual storage permissions and use the SAF everywhere)
    • New feature: New setting to block autofill access to important fields (Issue #493)
    • Improvement: Improve some English strings (Issue #149, PR #571 and #576 by @jsoberg)
    • Improvement: Don't automatically backup when updating last used or when moving cards
    • Improvement: Enable the "append date to backups" option by default
    • Improvement: Strip issuer from the label when adding via URL/QR code (Issue #551, PR #560 by @shivasheeshyadav)
    • Improvement: Remove the "new backup format warning" (has been there long enough)
    • Improvement: Show requirements for auto backups in the settings (Issue #492)
    • Improvement: Fix some accessibility issues (Issue #498)
    • Improvement: Toggle show/hide of a password confirmation field together with the password field (Issue #638, PR #641 by @jsoberg)
    • Improvement: Decoding of secrets with an invalid Base32 encoding (Issue #600)
    • Bug fix: Make the automatic thumbnail selection case insensitive (Issue #564)
    • Bug fix: Validate Integer input for counter, digits and period (Issue #569, PR #570 by @jsoberg)
    • Bug fix: Visibility of the password confirmation field (Issue #580, PR #582 by @jsoberg)
    • Bug fix: Crash when clicking on an entry multiple times (Issue #631, PR #634 by @jsoberg)
    • Bug fix: Crash during settings changes (Issue #639, PR #640 by @jsoberg)
    • Bug fix: Don't use regionalized language codes (Issue #567)
    • Bug fix: Report backup failure correctly (Issue #671)
    • Internal: Update Gradle, build tools and dependencies
    • Internal: Min API Level set to 22 (Lollipop 5.1)
    • Internal: Refactoring and reducing build warnings
    • Thumbnails: Lots of new ones (thanks to all contributors)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.8.0.apk(6.37 MB)
  • v0.8.0-beta2(Sep 27, 2020)

    • Improvement: Toggle show/hide of a password confirmation field together with the password field (Issue #638, PR #641 by @jsoberg)
    • Improvement: Decoding of secrets with an invalid Base32 encoding (Issue #600)
    • Bug fix: Crash when clicking on an entry multiple times (Issue #631, PR #634 by @jsoberg)
    • Bug fix: Crash during settings changes (Issue #639, PR #640 by @jsoberg)
    • Bug fix: Don't use regionalized language codes (Issue #567)
    • Internal: Update Gradle, build tools and dependencies
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.8.0-beta2.apk(6.26 MB)
  • v0.8.0-beta1(Jul 7, 2020)

    • New feature: Storage Access Framework (remove all manual storage permissions and use the SAF everywhere)
    • New feature: New setting to block autofill access to important fields (Issue #493)
    • Improvement: Improve some English strings (Issue #149, PR #571 and #576 by @jsoberg)
    • Improvement: Don't automatically backup when updating last used or when moving cards
    • Improvement: Enable the "append date to backups" option by default
    • Improvement: Strip issuer from the label when adding via URL/QR code (Issue #551, PR #560 by @shivasheeshyadav)
    • Improvement: Remove the "new backup format warning" (has been there long enough)
    • Improvement: Show requirements for auto backups in the settings (Issue #492)
    • Improvement: Fix some accessibility issues (Issue #498)
    • Bug fix: Make the automatic thumbnail selection case insensitive (Issue #564)
    • Bug fix: Validate Integer input for counter, digits and period (Issue #569, PR #570 by @jsoberg)
    • Bug fix: Visibility of the password confirmation field (Issue #580, PR #582 by @jsoberg)
    • Internal: Update Gradle and build tools
    • Internal: Min API Level set to 22 (Lollipop 5.1)
    • Internal: Refactoring and reducing build warnings
    • Thumbnails: Lots of new ones (thanks to all contributors)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.8.0-beta1.apk(6.24 MB)
  • v0.7.1.1(May 26, 2020)

  • v0.7.1(May 25, 2020)

    • Deprecation notice: This will be the last version to support Android versions below 5.1
    • New feature: Show QR codes of stored accounts (PR #501 by @tilosp)
    • New feature: Support Steam URIs (Issue #510)
    • New feature: Move Steam out of the Special features
    • New feature: Unify the edit dialog for entries (Issue #241)
    • New feature: Add an option to hide the global timeout bar (Issue #166)
    • New feature: Add an option to show individual timeout bars for all cards (Issue #166)
    • New feature: Add options to configure single and double taps on entries (Issue #489)
    • Improvement: Increase the iterations for the password generation to 150000
    • Improvement: Show cards as transparent while dragging (Issue #487, PR #488 by @Ullas-Aithal)
    • Improvement: Rewording of the last used dialog (Issue #485)
    • Improvement: Handle the back key to close open drawers or the FAB overlay (Issue #499)
    • Improvement: Validate secrets during manual entry (Issue #500)
    • Bug fix: Fix some remaining issues with the intro dialog (Issue #486)
    • Bug fix: Fix images containing gradients on API versions below 24 (Issue #539)
    • Thumbnails: Lots of new ones (thanks to all contributors)
    • Translations: Bulgarian (thanks to all the contributors on Crowdin)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.7.1.apk(6.14 MB)
  • v0.7.1-beta2(May 15, 2020)

  • v0.7.1-beta1(May 7, 2020)

    • Deprecation notice: This will be the last version to support Android versions below 5.1
    • New feature: Show QR codes of stored accounts (PR #501 by @tilosp)
    • New feature: Support Steam URIs (Issue #510)
    • New feature: Move Steam out of the Special features
    • New feature: Unify the edit dialog for entries (Issue #241)
    • New feature: Add an option to hide the global timeout bar (Issue #166)
    • New feature: Add an option to show individual timeout bars for all cards (Issue #166)
    • New feature: Add options to configure single and double taps on entries (Issue #489)
    • Improvement: Increase the iterations for the password generation to 150000
    • Improvement: Show cards as transparent while dragging (Issue #487, PR #488 by @Ullas-Aithal)
    • Improvement: Rewording of the last used dialog (Issue #485)
    • Improvement: Handle the back key to close open drawers or the FAB overlay (Issue #499)
    • Improvement: Validate secrets during manual entry (Issue #500)
    • Bug fix: Fix some remaining issues with the intro dialog (Issue #486)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.7.1-beta1.apk(5.98 MB)
  • v0.7.0(Mar 1, 2020)

    • New feature: Generate a new HOTP token when revealing (Issue #334, PR #366 by @moritzgloeckl)
    • New feature: Split issuer and label (Issue #258, PR #372 by @lucavallerini)
    • New feature: Automatic thumbnail selection based on the issuer (Issue #388, PR #389 by @schwedenmut)
    • New feature: Allow searching the tags and issuers in addition to the label (Issue #327)
    • New feature: Turn tokens red if they are about to expire (Issue #311, PR #410 by @Ullas-Aithal)
    • New feature: Handle otpauth:// intents from other apps (Issue #324, PR #393 by @schwedenmut)
    • New feature: Create an encrypted backup every time the entries are changed (PR #397 and PR #421 by @RichyHBM)
    • New feature: Different layouts for the entry cards (compact, default and full)
    • New feature: New thumbnail size "Tiny"
    • New feature: Block accessibility services from seeing sensitive input fields via a new settings item
    • New feature: Import QR codes from image files (Issue #377, PR #425 by @Ullas-Aithal)
    • New feature: Move the app to the background after copying a token (Issue #373, PR #392 by @Ullas-Aithal)
    • New feature: Re-lock the app after a certain time of inactivity (Issue #28, PR #390 by @LizardWithHat)
    • New feature: Re-lock when being send to the background (Issue #216)
    • New feature: Sort tokens by "most used" (Issue #443, PR #467 by @Ullas-Aithal)
    • Improvement: Hide the token list on screen off (Issue #264, PR #390 by @LizardWithHat)
    • Improvement: Scale the font of the default thumbnail with its size
    • Improvement: Do not use auto-completion for the account secret (PR #430 by @duchampdev)
    • Improvement: Enable Android backup by default (Issue #341, PR #342 by @RichyHBM)
    • Improvement: Remove whitespaces from manually entered secrets (Issue #253, PR #426 by @Ullas-Aithal)
    • Improvement: Fallback method for opening backup files (based on PR #358 by @theobch)
    • Improvement: Allow the backup directory to be set independent of the "ask for filename" setting
    • Bug fix: Fix black navigation bar on OxygenOS devices (PR #417 by @Ullas-Aithal)
    • Internal: Migrate to AndroidX
    • Internal: Update Gradle and a lot of dependencies
    • Thumbnails: Lots of new ones (thanks to all contributors)
    • Translations: Greek, Hindi (thanks to all the contributors on Crowdin)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.7.0.apk(5.97 MB)
  • v0.7.0-beta1(Feb 4, 2020)

    • New feature: Generate a new HOTP token when revealing (Issue #334, PR #366 by @moritzgloeckl)
    • New feature: Split issuer and label (Issue #258, PR #372 by @lucavallerini)
    • New feature: Automatic thumbnail selection based on the issuer (Issue #388, PR #389 by @schwedenmut)
    • New feature: Allow searching the tags and issuers in addition to the label (Issue #327)
    • New feature: Turn tokens red if they are about to expire (Issue #311, PR #410 by @Ullas-Aithal)
    • New feature: Handle otpauth:// intents from other apps (Issue #324, PR #393 by @schwedenmut)
    • New feature: Create an encrypted backup every time the entries are changed (PR #397 and PR #421 by @RichyHBM)
    • New feature: Different layouts for the entry cards (compact, default and full)
    • New feature: New thumbnail size "Tiny"
    • New feature: Block accessibility services from seeing sensitive input fields via a new settings item
    • New feature: Import QR codes from image files (Issue #377, PR #425 by @Ullas-Aithal)
    • New feature: Move the app to the background after copying a token (Issue #373, PR #392 by @Ullas-Aithal)
    • New feature: Re-lock the app after a certain time of inactivity (Issue #28, PR #390 by @LizardWithHat)
    • New feature: Re-lock when being send to the background (Issue #216)
    • New feature: Sort tokens by "most used" (Issue #443, PR #467 by @Ullas-Aithal)
    • Improvement: Hide the token list on screen off (Issue #264, PR #390 by @LizardWithHat)
    • Improvement: Scale the font of the default thumbnail with its size
    • Improvement: Do not use auto-completion for the account secret (PR #430 by @duchampdev)
    • Improvement: Enable Android backup by default (Issue #341, PR #342 by @RichyHBM)
    • Improvement: Remove whitespaces from manually entered secrets (Issue #253, PR #426 by @Ullas-Aithal)
    • Improvement: Fallback method for opening backup files (based on PR #358 by @theobch)
    • Improvement: Allow the backup directory to be set independent of the "ask for filename" setting
    • Bug fix: Fix black navigation bar on OxygenOS devices (PR #417 by @Ullas-Aithal)
    • Internal: Migrate to AndroidX
    • Internal: Update Gradle and a lot of dependencies
    • Thumbnails: Lots of new ones (thanks to all contributors)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.7.0-beta1.apk(5.54 MB)
  • v0.6.3.1(Oct 19, 2019)

  • v0.6.3(Oct 6, 2019)

    • Security: Improved password derivation for the password protected backups
    • New feature: Prevent screencapture in the Authentication and QR scanner screen (Issue #378, PR #386 by @schwedenmut)
    • New feature: Color navbar according to the theme (Issue #284, PR #371 by @HarryJohnso)
    • Bug fix: Fix "all tags" only selecting visible tags (Issue #333, PR #350 by @RichyHBM)
    • Bug fix: Focus the password/PIN input field on start (Issue #356, PR #357 by @schwedenmut)
    • Bug fix: Fix spelling of "QR code" (PR #368 by @yegortimoshenko)
    • Bug fix: Always use arabic numerals for the tokens (Issue #359)
    • Bug fix: Refactor storage access code to allow importing and exporting from cloud storage directly
    • Bug fix: Hardcode the black background color to avoid strange behaviour on some custom ROMs
    • Bug fix: Force English locales for saving AuthMethod
    • Misc: Update donation links (PR #351)
    • Thumbnails: Lots of new thumbnails
    • Translations: Hungarian
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.6.3.apk(5.58 MB)
  • v0.6.3-beta1(Sep 20, 2019)

    • Security: Improved password derivation for the password protected backups
    • New feature: Prevent screencapture in the Authentication and QR scanner screen (Issue #378, PR #386 by @schwedenmut)
    • New feature: Color navbar according to the theme (Issue #284, PR #371 by @HarryJohnso)
    • Bug fix: Fix "all tags" only selecting visible tags (Issue #333, PR #350 by @RichyHBM)
    • Bug fix: Focus the password/PIN input field on start (Issue #356, PR #357 by @schwedenmut)
    • Bug fix: Fix spelling of "QR code" (PR #368 by @yegortimoshenko)
    • Bug fix: Always use arabic numerals for the tokens (Issue #359)
    • Bug fix: Refactor storage access code to allow importing and exporting from cloud storage directly
    • Bug fix: Hardcode the black background color to avoid strange behaviour on some custom ROMs
    • Misc: Update donation links (PR #351)
    • Thumbnails: Lots of new thumbnails
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.6.3-beta1.apk(5.54 MB)
  • v0.6.2(May 28, 2019)

    • Bug fix: Proper handling of RTL layouts by forcing LTR for the tokens (PR #280 by @ahangarha)
    • Internal: Image compression (thanks to @Peppernrino)
    • Thumbnail: Add a LOT of new thumbnails (thanks to everybody that contributed)
    • Translation: New Arabic, Traditional Chinese, Japanese, Persian and Swedish translations (thanks to all contributors on Crowdin)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.6.2.apk(5.21 MB)
  • v0.6.1(Dec 5, 2018)

    • New feature: Enable Android Backup by default if available and using the password encryption (PR #252)
    • Bug fix: Fix crash in the manual entry dialog on KitKat
    • Bug fix: Fix thumbnail generation on KitKat
    • Thumbnail: Add MediaWiki (PR #246 by @MeLlamoPablo)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.6.1.apk(4.71 MB)
  • v0.6.0(Oct 26, 2018)

    • New feature: HOTP support
    • New feature: Settings item to activate Broadcast backups
    • New feature: Re-locking of the app on screen off is now optional (Issue #28)
    • New feature: Allow PGP backups with only a public key (Issue #31)
    • New feature: Show individual timeout bars on the cards for non-default periods
    • New feature: App shortcuts to add new entries (Issue #185)
    • New feature: Ask for the backup password if it's not available (Issue #182)
    • New feature: Allow installation on external storage (PR #206 by @leggewie)
    • Bug fix: Avoid crash on empty PIN/Password an API 23 (Issue #159, PR #160 by magnus anderssen)
    • Bug fix: Honor the system accessibility settings for the font size (Issue #71, PR #192 by @mbertram)
    • Bug fix: Make the new entry dialog scrollable (Issue #196)
    • Bug fix: Fix autofill of the password fields (Issue #215, PR #218 by @z3ntu)
    • Bug fix: Extend thumbnail generation to non-latin letters and digits (PR #234 by @jeandeaual)
    • Bug fix: Show new entries at the top of the list when using last used sorting (Issue #211)
    • Bug fix: Fix a crash on the settings page (Issue #197)
    • Internal: Replace custon FAB menu with Floating Action Button Speed Dial library (Issue #155 and #186)
    • Style/UI: Use AboutLibraries instead of LicenseDialog and rework the About section (Issue #155)
    • Style/UI: Show a disclaimer about the included thumbnails in the About screen
    • Update: ZXing Android Embedded (3.6.0), Constraint Layout (1.1.2) and all support libraries (27.1.1)
    • F-Droid: Add the feature graphic and some screenshots (PR #117 by @jaller94)
    • Thumbnails: lots of new thumbnails (see the wiki)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.6.0.apk(4.63 MB)
  • v0.6.0-beta3(Jun 27, 2018)

    • New feature: App shortcuts to add new entries (Issue #185)
    • Bug fix: Honor the system accessibility settings for the font size (Issue #71, PR #192 by @mbertram)
    • Internal: Replace FABsMenu with Floating Action Button Speed Dial library (Issue #186)
    • Update: some dependency updates
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.6.0-beta3.apk(4.42 MB)
  • v0.6.0-beta2(May 22, 2018)

    • New feature: Allow PGP backups with only a public key (Issue #31)
    • New feature: Show individual timeout bars on the cards for non-default periods
    • Style/UI: Show a disclaimer about the included thumbnails in the About screen
    • F-Droid: Add the feature graphic and some screenshots (PR #117 by @jaller94)
    • Thumbnails: lots of new thumbnails (see the wiki)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.6.0-beta2.apk(4.38 MB)
  • v0.6.0-beta1(Apr 19, 2018)

    • New feature: HOTP support
    • New feature: Settings item to activate Broadcast backups
    • New feature: Re-locking of the app on screen off is now optional (Issue #28)
    • Bug fix: Avoid crash on empty PIN/Password an API 23 (Issue #159, PR #160 by magnus anderssen)
    • Internal: Replace custon FAB menu with FABsMenu library (Issue #155)
    • Style/UI: Use AboutLibraries instead of LicenseDialog and rework the About section (Issue #155)
    • Update: ZXing Android Embedded (3.6.0), Constraint Layout (1.1.0) and all support libraries (27.1.1)
    • Thumbnails: new thumbnails (see the wiki)
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.6.0-beta1.apk(4.28 MB)
  • v0.5.0.1(Mar 15, 2018)

  • v0.5.0(Mar 12, 2018)

    • New feature: Intro screen when staring the app for the first time to setup encryption and authentication
    • New feature: Broadcast receivers to trigger backups from Tasker (PR #115)
    • New feature: Add support for using Android Backup (Issue #109, PR #111)
    • New feature: Optionally append date to backups (PR #124)
    • New feature: Check if entries are valid when entering manually (Issue #135, PR #136 by Björn Richter)
    • New feature: Offer different options when using the tag selection (Issue #133, PR #134)
    • New feature: Show a warning before changing the encryption
    • Bug fix: Fix crash when saving an empty label (Issue #138, PR #139 by Björn Richter)
    • Bug fix: Fix visibility of thumbnails in dark themes (Issue #88, PR #90)
    • Bug fix: Don't require credentials again after screen rotation (Issue #152)
    • Thumbnails: new thumbnails (see the wiki)
    Source code(tar.gz)
    Source code(zip)
  • v0.4.0.1(Feb 1, 2018)

    This release fixes a critical but while migrating old passwords to the new storage scheme. With this bug the wrong value was saved effectively locking the user out of the app. The only way to fix this is to reset the apps data and set everything up again.

    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.4.0.1.apk(5.61 MB)
  • v0.4.0(Jan 31, 2018)

    This release contains a pretty big bug that all the testing didn't seem to find. I will upload a fixed version soon.

    • New feature: Password-based encryption (a big thanks to all the testers)
    • New feature: Enforce a minimum password / PIN length (Issue #107)
    • New feature: Add an additional unlock button to the authentication (Issue #87)
    • New feature: The thumbnail toggle is now in the size selector (Issue #98, PR #102)
    • New feature: Split the tokens into blocks (Issue #83, PR #83 by DanielWeigl)
    • New feature: Account name is now shown in the removal confirmation (Issue #84)
    • New feature: Advanced options are now hidden in the manual entry dialog (Issue #85)
    • New special feature: Clear the KeyStore (use with caution)
    • Bug fix: Change the format used to store and set the language (Issue #112)
    • Bug fix: Add some extra padding the the RecyclerView (Issue #95)
    • Bug fix: Remove gradients from vector thumbnails (Issue #103, PR #97)
    • Thumbnails: a lot of new thumbnails (check the wiki for details)
    • Translation: Catalan (ca-rES) thanks to isard
    Source code(tar.gz)
    Source code(zip)
  • v0.3.1(Dec 8, 2017)

    • Move: the Github repository was moved from flocke/andOTP to andOTP/andOTP for better organization of collaborators
    • New feature: assign (predefined) images to entries (Issue #14, PR #75, again thanks to @RichyHBM for the implementation)
    • New feature: sort labels locale-sensitive (PR #74 by carmebar)
    • New feature: re-hide the revealed entries after a configurable timeout (Issue #77)
    • New feature: add sorting by last usage (Issue #67)
    • New feature: improved error messages during the import of backups
    • New feature: make the replace switch default to false (Issue #80)
    • New special feature: disable Special features again
    • New special feature: enable screenshots in the main Activity
    • Bug fix: use sp for font sizes (to make them scalable)
    • Bug fix: disable the save button in a manual entry until label and secret are not empty (Issue #82)
    • Style/UI: better description of the replace switch
    • Update: Android SDK 27 (Issue #76)
    • Update: Android Gradle plugin 3.0.1
    • Translation: Chinese Simplified (zh-rCN) thanks to Cp0204
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.3.1.apk(5.69 MB)
  • v0.3.0(Nov 24, 2017)

    • New feature: tagging support (Issue #37, PR #64, big thanks to @RichyHBM for actually implementing this)
    • New feature: settings option to scroll overlong labels instead of just truncating them
    • New feature: option to append entries during import instead of just replacing everything
    • New feature: in-app language switcher (Issue #53)
    • Bug fix: convert secrets to upper case when importing from JSON (Issue #55)
    • Bug fix: some layout fixes for certain translations (Issue #58)
    • Style/UI: new adaptive icon for Android 8+ (Issue #65)
    • Style/UI: remove card elevation
    • Update: Android Studio 3
    • Update: Gradle 4.1 / Android Gradle Plugin 3.0
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.3.0.apk(3.09 MB)
  • v0.2.8(Oct 25, 2017)

    • New feature: store authentication credentials hashed (Issue #49)
    • New feature: store backup password encrypted (Issue #49)
    • New feature: set a static backup dir to disable the file selector (Issue #52)
    • New feature: special features (see wiki)
    • New special feature: SteamGuard tokens (Issue #38)
    • Style/UI: black theme (Issue #47)
    • Bug fix: keep authentication settings when receiving a Panic Trigger (Issue #50)
    • Bug fix: progress bar animation with default duration scale
    • Translation: Czech (cs-rCZ) thanks to Picard0147
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.2.8.apk(3.02 MB)
  • v0.2.7(Sep 27, 2017)

    • New feature: require authentication again after screen lock (Issue #28)
    • New feature: make response to Panic Trigger configurable (Issue #35)
    • Bug fix: prevent adding duplicate entries (Issue #41)
    • Update: Android SDK 26 (Oreo)
    • Update: Apache Commons Codec 1.10
    • Code: lot of internal changes (mostly due to the Android 26 update)
    • Translation: French (fr-rFR) thanks to Johan Fleury
    • Translation: Durch (nl-rNL) thanks to T-v-Gerwen and rain2reign
    • Translation: Galician (gl-rES) thanks to Triskel
    • Translation: Russian (ru-rRU) thanks to Victor Nidens, Ilia Drogaitsev and Dmitry
    Source code(tar.gz)
    Source code(zip)
    andOTP_v0.2.7.apk(2.99 MB)
Owner
andOTP
Open source two-factor authentication for Android
andOTP
Herbert Fischer 198 Oct 8, 2022
Yet another ykman Go lib for requesting OATH TOTP Multi-Factor Authentication Codes from Yubikey Devices

ykmangoath Ykman OATH TOTP with Go Yet another ykman Go lib for requesting OATH TOTP Multi-Factor Authentication Codes from Yubikey Devices. ?? Work-i

Ari Palo 4 Jul 3, 2022
Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

Paul Greenberg 653 Dec 8, 2022
A simple passwordless authentication middleware that uses only email as the authentication provider

email auth A simple passwordless authentication middleware that uses only email as the authentication provider. Motivation I wanted to restrict access

Miroslav Šedivý 5 Jul 27, 2022
Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Dinesh Bhattarai 0 Aug 5, 2022
The Single Sign-On Multi-Factor portal for web apps

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications

Authelia 14.8k Nov 27, 2022
Open source RBAC library. Associate users with roles and permissions.

ℹ️ This package is completely open source and works independently from Permify. Associate users with roles and permissions This package allows you to

Permify 133 Nov 24, 2022
Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.

❗ Cache package has been moved to libcache repository Go-Guardian Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to

Sanad Haj Yahya 423 Dec 4, 2022
Go login handlers for authentication providers (OAuth1, OAuth2)

gologin Package gologin provides chainable login http.Handler's for Google, Github, Twitter, Facebook, Bitbucket, Tumblr, or any OAuth1 or OAuth2 auth

Dalton Hubble 1.6k Dec 1, 2022
Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.

Goth: Multi-Provider Authentication for Go Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applic

Mark Bates 3.9k Nov 27, 2022
HTTP Authentication middlewares

goji/httpauth httpauth currently provides HTTP Basic Authentication middleware for Go. It is compatible with Go's own net/http, goji, Gin & anything t

Goji 215 Oct 31, 2022
[DEPRECATED] Go package authcookie implements creation and verification of signed authentication cookies.

Package authcookie import "github.com/dchest/authcookie" Package authcookie implements creation and verification of signed authentication cookies. Co

Dmitry Chestnykh 111 Nov 10, 2022
Basic and Digest HTTP Authentication for golang http

HTTP Authentication implementation in Go This is an implementation of HTTP Basic and HTTP Digest authentication in Go language. It is designed as a si

Lev Shamardin 529 Nov 24, 2022
Go (lang) HTTP session authentication

Go Session Authentication See git tags/releases for information about potentially breaking change. This package uses the Gorilla web toolkit's session

Cameron Little 219 Nov 18, 2022
A reverse proxy that provides authentication with Google, Github or other providers.

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

OAuth2 Proxy 6.1k Nov 27, 2022
A reverse proxy that provides authentication with Google, Github or other providers.

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain

OAuth2 Proxy 6.1k Dec 1, 2022
Authentication server for Docker Registry 2

The original Docker Registry server (v1) did not provide any support for authentication or authorization. Access control had to be performed externally, typically by deploying Nginx in the reverse proxy mode with Basic or other type of authentication. While performing simple user authentication is pretty straightforward, performing more fine-grained access control was cumbersome.

Cesanta Software 1.1k Dec 2, 2022
Authentication service that keeps you in control without forcing you to be an expert in web security.

Authentication service that keeps you in control without forcing you to be an expert in web security.

Keratin 1.1k Nov 18, 2022
An authentication proxy for Google Cloud managed databases

db-auth-gateway An authentication proxy for Google Cloud managed databases. Based on the ideas of cloudsql-proxy but intended to be run as a standalon

null 25 Dec 5, 2022