Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

2fa: add two factor authentication helper API #69

Closed
aeneasr opened this issue May 3, 2016 · 4 comments
Closed

2fa: add two factor authentication helper API #69

aeneasr opened this issue May 3, 2016 · 4 comments
Assignees
Labels
rfc A request for comments to discuss and share ideas.
Milestone

Comments

@aeneasr
Copy link
Member

aeneasr commented May 3, 2016

We could introduce a simple TOTP API endpoint for creating and validating TOTPs.

package twofa

import (
    "github.com/go-errors/errors"
    "github.com/pquerna/otp/totp"
)

type Manager interface {
    Generate(subject string) error
    Validate(subject string) error
}

type TOTP struct {
    Issuer string
    Period uint
}

func (m *TOTP) Generate(subject string) error {
    _, err := totp.Generate(totp.GenerateOpts{
        // Name of the issuing Organization/Company.
        Issuer: m.Issuer,
        // Name of the User's Account (eg, email address)
        AccountName: subject,
        // Number of seconds a TOTP hash is valid for. Defaults to 30 seconds.
        Period: m.Period,
    })
    if err != nil {
        return errors.New(err)
    }

    return nil
}
@aeneasr aeneasr added the feat New feature or request. label May 30, 2016
@aeneasr aeneasr self-assigned this May 30, 2016
@aeneasr aeneasr added help wanted We are looking for help on this one. documentation labels May 30, 2016
@aeneasr aeneasr added this to the 0.3.0 milestone Aug 1, 2016
@waynerobinson
Copy link

For time-based OTP, isn't this really a responsibility of the challenge app?

Or are you planning on storing a number of per-subject keys/secrets in the DB these can be generated against because you want to be the source-of-truth for all things secure (apart from the subject's password)?

@aeneasr
Copy link
Member Author

aeneasr commented Sep 13, 2016

Yes, it's definitely the challenge app's responsibility. But I think that Hydra can take a supportive role in that regard and offer simple APIs to solve these sort of issues.

Am 12.09.2016 um 07:37 schrieb Wayne Robinson notifications@github.com:

For time-based OTP, isn't this really a responsibility of the challenge app?

Or are you planning on storing a number of per-subject keys/secrets in the DB these can be generated against because you want to be the source-of-truth for all things secure (apart from the subject's password)?


You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub #69 (comment), or mute the thread https://github.com/notifications/unsubscribe-auth/ADN1ellmtVu4oCCxhyyIKNT1ZhQ7utUiks5qpOUAgaJpZM4IWUYM.

@aeneasr aeneasr added discuss and removed documentation feat New feature or request. help wanted We are looking for help on this one. labels Sep 23, 2016
@aeneasr
Copy link
Member Author

aeneasr commented Sep 23, 2016

Moved to unplanned because not a priority and questionable benefit.

@aeneasr aeneasr changed the title 2FA support 2fa: add two factor authentication helper API Sep 23, 2016
@aeneasr
Copy link
Member Author

aeneasr commented Oct 24, 2016

I don't think this makes a lot of sense. 2FA is usually well supported in all major languages and it's much easier to use language-level api than network level-api.

@aeneasr aeneasr closed this as completed Oct 24, 2016
@aeneasr aeneasr added rfc A request for comments to discuss and share ideas. and removed discuss labels Aug 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
rfc A request for comments to discuss and share ideas.
Projects
None yet
Development

No branches or pull requests

2 participants