Google Authenticator for Go

Overview

This is a Go implementation of the Google Authenticator library.

GoDoc Build Status

Copyright (c) 2012 Damian Gryski [email protected] This code is licensed under the Apache License, version 2.0

It implements the one-time-password algorithms specified in:

  • RFC 4226 (HOTP: An HMAC-Based One-Time Password Algorithm)
  • RFC 6238 (TOTP: Time-Based One-Time Password Algorithm)

You can learn more about the Google Authenticator library at its project page:

Issues
  • ComputeCode sometimes returns to few digits

    ComputeCode sometimes returns to few digits

    The following function sometimes returns 5 digits instead of 6:

    https://github.com/dgryski/dgoogauth/blob/96977cbd42e27be71f9f731db6634123de7e861a/googauth.go#L27-L49

    e.g.

    package main
    
    import (
      "crypto/hmac"
      "crypto/sha1"
      "encoding/base32"
      "encoding/binary"
      "fmt"
      "time"
    
      "github.com/dgryski/dgoogauth"
    )
    
    func main() {
      secret := []byte{'H', 'e', 'l', 'l', 'o', '!', 0xDE, 0xAD, 0xBE, 0xEF}
      secretEnc := base32.StdEncoding.EncodeToString(secret)
    
      var t0 int64
      t0 = int64(time.Now().Unix() / 2)
      code := dgoogauth.ComputeCode(secretEnc, t0)
    
      fmt.Printf("code = %+v\n", code)
    }
    
    func ComputeCode(secret string, value int64) int {
      key, err := base32.StdEncoding.DecodeString(secret)
      if err != nil {
        return -1
      }
    
      hash := hmac.New(sha1.New, key)
      err = binary.Write(hash, binary.BigEndian, value)
      if err != nil {
        return -1
      }
      h := hash.Sum(nil)
    
      offset := h[19] & 0x0f
    
      truncated := binary.BigEndian.Uint32(h[offset : offset+4])
    
      truncated &= 0x7fffffff
      code := truncated % 1000000
    
      return int(code)
    }
    

    Outputs the following when looped:

    code = 292234
    code = 108363
    code = 108363
    code = 828914
    code = 45510
    code = 45510
    code = 45288
    code = 45288
    code = 286406
    code = 166336
    code = 166336
    code = 569768
    code = 569768
    
    opened by g3kk0 1
  • Make UTC time selectable

    Make UTC time selectable

    For compatibility reasons, the library will need to use local time. However, switching on UTC is available via a boolean field in the configuration structure. This extends #3, which switches completely to UTC, by adding this field.

    opened by kisom 1
  • handle errors, add ProvisionURIWithIssuer method

    handle errors, add ProvisionURIWithIssuer method

    Hi Damian,

    The major change is the addition of ProvisionURIWithIssuer method, that respects the recommendations found here: https://code.google.com/p/google-authenticator/wiki/ConflictingAccounts

    It's an addition so that existing code does not break, and the current ProvisionURI returns the same values as before (I added a test to validate before and after the change).

    Smaller changes: return an invalid code in case of error in ComputeCode (thanks for confirming that -1 is indeed invalid as per the RFCs), get rid of the fmt dependency and remove unused second return value in the internal checkXxx functions.

    Let me know if you want me to tweak a few things (or if you're not interested in the PR).

    Thanks! Martin

    opened by mna 1
  • illegal base32 at byte 24

    illegal base32 at byte 24

    I received this error when decoding my 26 character secret.

    You should probably update your code to decode the secret using this: https://github.com/gokyle/twofactor/issues/10#issuecomment-381966785

    opened by josephspurrier 2
  • Add LICENSE

    Add LICENSE

    I would like to include this library in one of my side projects but I don't want to violate your rights. Could you please update this repository with a LICENSE file so people understand the restrictions on its use?

    See: https://opensource.org/licenses

    Google has a very useful document which discusses its legal positions on each of the open source licenses as far as being consumed for commercial purposes. It's a good way to understand the consequences of certain licenses such as the WTFPL: https://opensource.google.com/docs/thirdparty/licenses/

    opened by scottmmjackson 1
Releases(0.9.26)
Owner
Damian Gryski
Gopher
Damian Gryski
A tool to manage accounts and codes of Google Authenticator.

A tool to manage accounts and codes of Google Authenticator.

Jormin 5 Sep 10, 2021
Go library for one-time passwords, supports HOPT and TOPT (Google Authenticator compatible)

GoTP: One-time password library for Go GoTP library provides implementations of one-time password generators and validators. This implemantation suppo

Oleksiy Voronin 4 May 5, 2022
Go based HTTP server with 2FA based on OTP (One-Time Password) manager like Google Authenticator

Go based HTTP server with 2FA based on OTP (One-Time Password) manager like Goog

Valentin Kuznetsov 1 Mar 8, 2022
Generate a generic library of 2FA tokens compatible with Google Authenticator

towfa Generate a generic library of 2FA tokens compatible with Google Authenticator go get -u github.com/golandscape/twofa $twofa "you secret" result:

golandscape 13 Mar 23, 2022
JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..

loginsrv loginsrv is a standalone minimalistic login server providing a JWT login for multiple login backends. ** Attention: Update to v1.3.0 for Goog

tarent 1.9k May 6, 2022
Go session management for web servers (including support for Google App Engine - GAE).

Session The Go standard library includes a nice http server, but unfortunately it lacks a very basic and important feature: HTTP session management. T

András Belicza 107 Feb 16, 2022
Provides AWS STS credentials based on Google Apps SAML SSO auth with interactive GUI support

What's this This command-line tool allows you to acquire AWS temporary (STS) credentials using Google Apps as a federated (Single Sign-On, or SSO) pro

Quan Hoang 30 Apr 29, 2022
A reverse proxy that provides authentication with Google, Github or other providers.

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

OAuth2 Proxy 5.2k May 15, 2022
A reverse proxy that provides authentication with Google, Github or other providers.

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain

OAuth2 Proxy 5.2k May 17, 2022
An authentication proxy for Google Cloud managed databases

db-auth-gateway An authentication proxy for Google Cloud managed databases. Based on the ideas of cloudsql-proxy but intended to be run as a standalon

null 24 Apr 6, 2022
A Sample Integration of Google and GitHub OAuth2 in Golang (GoFiber) utilising MongoDB

Go Oauth Server This is sample OAuth integration written in GoLang that also uses MongoDB. This is a sample TODO Application where people can Create a

Hemanth Krishna 8 Apr 25, 2022
Server bridging Google's OAuth and service using Radius for authentication

Fringe Fringe is an easy workaround for Google Workplace users who need a Radius server to perform authentication on behalf of other services (e.g. 80

Pierre-Luc Simard 5 Mar 7, 2022
JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd

login-service login-service is a standalone minimalistic login server providing a (JWT)[https://jwt.io/] login for multiple login backends. Abstract l

Loren Lisk 0 Feb 12, 2022
Herbert Fischer 196 Nov 17, 2021
A tool to manage accounts and codes of Google Authenticator.

A tool to manage accounts and codes of Google Authenticator.

Jormin 5 Sep 10, 2021
Go library for one-time passwords, supports HOPT and TOPT (Google Authenticator compatible)

GoTP: One-time password library for Go GoTP library provides implementations of one-time password generators and validators. This implemantation suppo

Oleksiy Voronin 4 May 5, 2022
Go based HTTP server with 2FA based on OTP (One-Time Password) manager like Google Authenticator

Go based HTTP server with 2FA based on OTP (One-Time Password) manager like Goog

Valentin Kuznetsov 1 Mar 8, 2022
Generate a generic library of 2FA tokens compatible with Google Authenticator

towfa Generate a generic library of 2FA tokens compatible with Google Authenticator go get -u github.com/golandscape/twofa $twofa "you secret" result:

golandscape 13 Mar 23, 2022
AWS credential_process utility to assume AWS IAM Roles with Yubikey Touch and Authenticator App TOPT MFA to provide temporary session credentials; With encrypted caching and support for automatic credential refresh.

AWS credential_process utility to assume AWS IAM Roles with Yubikey Touch and Authenticator App TOPT MFA to provide temporary session credentials; With encrypted caching and support for automatic credential refresh.

Ari Palo 15 May 2, 2022
Dex K8s Authenticator

Dex K8s Authenticator A helper web-app which talks to one or more Dex Identity services to generate kubectl commands for creating and modifying a kube

gss2002 0 Dec 17, 2021
Data Connector is a Google Sheets Add-on that lets you import (and export) data to/from Google Sheets

Data Connector Data Connector is a Google Sheets Add-on that lets you import (and export) data to/from Google Sheets. Our roadmap: Connect to JSON/XML

Brent Adamson 103 May 10, 2022
Jacket of google/wire: advanced DI approach wrapping google/wire for cloud.

Wire-Jacket: IoC Container of google/wire for cloud-native Jacket of google/wire: advanced DI approach wrapping google/wire for cloud. google/wire : h

Youngtak Han 4 Dec 16, 2021
Telegram + Google Sheet daily routine trackerTelegram + Google Sheet daily routine tracker

Telegram + Google Sheet daily routine tracker Deploy as serverless function Fork this repository and set secrets github secrets: API_DOMAIN - your ver

Sergey Varibrus 0 Oct 13, 2021
GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.

GC2 GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Goog

Lorenzo Grazian 140 May 9, 2022
Go-based search engine URL collector , support Google, Bing, can be based on Google syntax batch collection URL

Go-based search engine URL collector , support Google, Bing, can be based on Google syntax batch collection URL

Re 45 May 13, 2022
Correct the timestamp of photo/video of Google Photo from Google takeout

Correct Timestamp of Google Photo from Google Takeout Development Environment: Ubuntu 20.04 Go 1.17 Usage Require Go 1.16 or later to build. go build

Siong-Ui Te (戴上為) 0 Dec 2, 2021
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Yandex Files

Website | Documentation | Download | Contributing | Changelog | Installation | Forum Rclone Rclone ("rsync for cloud storage") is a command-line progr

rclone 32.9k May 18, 2022
Google-pay-decryptor - Google Pay payload decryptor Tool

Google Pay Decryptor Tool Tired of looking for information about cryptography an

Rakhat 4 Mar 20, 2022
JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..

loginsrv loginsrv is a standalone minimalistic login server providing a JWT login for multiple login backends. ** Attention: Update to v1.3.0 for Goog

tarent 1.9k May 6, 2022