Google Authenticator for Go

Overview

This is a Go implementation of the Google Authenticator library.

GoDoc Build Status

Copyright (c) 2012 Damian Gryski [email protected] This code is licensed under the Apache License, version 2.0

It implements the one-time-password algorithms specified in:

  • RFC 4226 (HOTP: An HMAC-Based One-Time Password Algorithm)
  • RFC 6238 (TOTP: Time-Based One-Time Password Algorithm)

You can learn more about the Google Authenticator library at its project page:

Comments
  • ComputeCode sometimes returns to few digits

    ComputeCode sometimes returns to few digits

    The following function sometimes returns 5 digits instead of 6:

    https://github.com/dgryski/dgoogauth/blob/96977cbd42e27be71f9f731db6634123de7e861a/googauth.go#L27-L49

    e.g.

    package main
    
    import (
      "crypto/hmac"
      "crypto/sha1"
      "encoding/base32"
      "encoding/binary"
      "fmt"
      "time"
    
      "github.com/dgryski/dgoogauth"
    )
    
    func main() {
      secret := []byte{'H', 'e', 'l', 'l', 'o', '!', 0xDE, 0xAD, 0xBE, 0xEF}
      secretEnc := base32.StdEncoding.EncodeToString(secret)
    
      var t0 int64
      t0 = int64(time.Now().Unix() / 2)
      code := dgoogauth.ComputeCode(secretEnc, t0)
    
      fmt.Printf("code = %+v\n", code)
    }
    
    func ComputeCode(secret string, value int64) int {
      key, err := base32.StdEncoding.DecodeString(secret)
      if err != nil {
        return -1
      }
    
      hash := hmac.New(sha1.New, key)
      err = binary.Write(hash, binary.BigEndian, value)
      if err != nil {
        return -1
      }
      h := hash.Sum(nil)
    
      offset := h[19] & 0x0f
    
      truncated := binary.BigEndian.Uint32(h[offset : offset+4])
    
      truncated &= 0x7fffffff
      code := truncated % 1000000
    
      return int(code)
    }
    

    Outputs the following when looped:

    code = 292234
    code = 108363
    code = 108363
    code = 828914
    code = 45510
    code = 45510
    code = 45288
    code = 45288
    code = 286406
    code = 166336
    code = 166336
    code = 569768
    code = 569768
    
    opened by g3kk0 1
  • Make UTC time selectable

    Make UTC time selectable

    For compatibility reasons, the library will need to use local time. However, switching on UTC is available via a boolean field in the configuration structure. This extends #3, which switches completely to UTC, by adding this field.

    opened by kisom 1
  • handle errors, add ProvisionURIWithIssuer method

    handle errors, add ProvisionURIWithIssuer method

    Hi Damian,

    The major change is the addition of ProvisionURIWithIssuer method, that respects the recommendations found here: https://code.google.com/p/google-authenticator/wiki/ConflictingAccounts

    It's an addition so that existing code does not break, and the current ProvisionURI returns the same values as before (I added a test to validate before and after the change).

    Smaller changes: return an invalid code in case of error in ComputeCode (thanks for confirming that -1 is indeed invalid as per the RFCs), get rid of the fmt dependency and remove unused second return value in the internal checkXxx functions.

    Let me know if you want me to tweak a few things (or if you're not interested in the PR).

    Thanks! Martin

    opened by mna 1
  • illegal base32 at byte 24

    illegal base32 at byte 24

    I received this error when decoding my 26 character secret.

    You should probably update your code to decode the secret using this: https://github.com/gokyle/twofactor/issues/10#issuecomment-381966785

    opened by josephspurrier 2
  • Add LICENSE

    Add LICENSE

    I would like to include this library in one of my side projects but I don't want to violate your rights. Could you please update this repository with a LICENSE file so people understand the restrictions on its use?

    See: https://opensource.org/licenses

    Google has a very useful document which discusses its legal positions on each of the open source licenses as far as being consumed for commercial purposes. It's a good way to understand the consequences of certain licenses such as the WTFPL: https://opensource.google.com/docs/thirdparty/licenses/

    opened by scottmmjackson 1
Releases(0.9.26)
Owner
Damian Gryski
Gopher
Damian Gryski
A tool to manage accounts and codes of Google Authenticator.

A tool to manage accounts and codes of Google Authenticator.

Jormin 5 Sep 10, 2021
Go library for one-time passwords, supports HOPT and TOPT (Google Authenticator compatible)

GoTP: One-time password library for Go GoTP library provides implementations of one-time password generators and validators. This implemantation suppo

Oleksiy Voronin 6 Oct 5, 2022
Go based HTTP server with 2FA based on OTP (One-Time Password) manager like Google Authenticator

Go based HTTP server with 2FA based on OTP (One-Time Password) manager like Goog

Valentin Kuznetsov 7 Aug 21, 2022
Generate a generic library of 2FA tokens compatible with Google Authenticator

towfa Generate a generic library of 2FA tokens compatible with Google Authenticator go get -u github.com/golandscape/twofa $twofa "you secret" result:

golandscape 13 Mar 23, 2022
JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..

loginsrv loginsrv is a standalone minimalistic login server providing a JWT login for multiple login backends. ** Attention: Update to v1.3.0 for Goog

tarent 1.9k Dec 24, 2022
Go session management for web servers (including support for Google App Engine - GAE).

Session The Go standard library includes a nice http server, but unfortunately it lacks a very basic and important feature: HTTP session management. T

AndrĂ¡s Belicza 110 Oct 10, 2022
Provides AWS STS credentials based on Google Apps SAML SSO auth with interactive GUI support

What's this This command-line tool allows you to acquire AWS temporary (STS) credentials using Google Apps as a federated (Single Sign-On, or SSO) pro

Quan Hoang 34 Sep 29, 2022
A reverse proxy that provides authentication with Google, Github or other providers.

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

OAuth2 Proxy 6.3k Jan 8, 2023
A reverse proxy that provides authentication with Google, Github or other providers.

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain

OAuth2 Proxy 6.3k Jan 1, 2023
An authentication proxy for Google Cloud managed databases

db-auth-gateway An authentication proxy for Google Cloud managed databases. Based on the ideas of cloudsql-proxy but intended to be run as a standalon

null 25 Dec 5, 2022
A Sample Integration of Google and GitHub OAuth2 in Golang (GoFiber) utilising MongoDB

Go Oauth Server This is sample OAuth integration written in GoLang that also uses MongoDB. This is a sample TODO Application where people can Create a

Hemanth Krishna 10 Dec 27, 2022
Server bridging Google's OAuth and service using Radius for authentication

Fringe Fringe is an easy workaround for Google Workplace users who need a Radius server to perform authentication on behalf of other services (e.g. 80

Pierre-Luc Simard 5 Mar 7, 2022
JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd

login-service login-service is a standalone minimalistic login server providing a (JWT)[https://jwt.io/] login for multiple login backends. Abstract l

Loren Lisk 0 Feb 12, 2022
Herbert Fischer 198 Oct 8, 2022
A tool to manage accounts and codes of Google Authenticator.

A tool to manage accounts and codes of Google Authenticator.

Jormin 5 Sep 10, 2021
Go library for one-time passwords, supports HOPT and TOPT (Google Authenticator compatible)

GoTP: One-time password library for Go GoTP library provides implementations of one-time password generators and validators. This implemantation suppo

Oleksiy Voronin 6 Oct 5, 2022
Go based HTTP server with 2FA based on OTP (One-Time Password) manager like Google Authenticator

Go based HTTP server with 2FA based on OTP (One-Time Password) manager like Goog

Valentin Kuznetsov 7 Aug 21, 2022
Generate a generic library of 2FA tokens compatible with Google Authenticator

towfa Generate a generic library of 2FA tokens compatible with Google Authenticator go get -u github.com/golandscape/twofa $twofa "you secret" result:

golandscape 13 Mar 23, 2022
AWS credential_process utility to assume AWS IAM Roles with Yubikey Touch and Authenticator App TOPT MFA to provide temporary session credentials; With encrypted caching and support for automatic credential refresh.

AWS credential_process utility to assume AWS IAM Roles with Yubikey Touch and Authenticator App TOPT MFA to provide temporary session credentials; With encrypted caching and support for automatic credential refresh.

Ari Palo 19 Dec 20, 2022
Dex K8s Authenticator

Dex K8s Authenticator A helper web-app which talks to one or more Dex Identity services to generate kubectl commands for creating and modifying a kube

gss2002 0 Dec 17, 2021