Download
Add to your project using Maven, Gradle, or download the jar directly.
Maven:
<dependency>
<groupId>com.amdelamar</groupId>
<artifactId>jotp</artifactId>
<version>1.3.0</version>
</dependency>Gradle:
dependencies {
compile 'com.amdelamar:jotp:1.3.0'
}
SBT:
libraryDependencies ++= Seq(
"com.amdelamar" % "jotp" % "1.3.0"
)
Or Download the latest release.
Usage
import com.amdelamar.jotp.OTP;
import com.amdelamar.jotp.type.Type;
// Random secret Base32 with 20 bytes (160 bits) length
// (Use this to setup 2FA for new accounts).
String secret = OTP.randomBase32(20);
// Returns: IM4ZL3G5Q66KW4U7PMOQVXQQH3NGOCHQ
// Generate a Time-based OTP from the secret, using Unix-time
// rounded down to the nearest 30 seconds.
String hexTime = OTP.timeInHex(System.currentTimeMillis());
String code = OTP.create(secret, hexTime, 6, Type.TOTP);
Show User QR Code1
Easiest way to do this is through Goolge APIs, but I plan to add a generateImage() function soon.
https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl=otpauth://totp/Example:[email protected]?secret=IM4ZL3G5Q66KW4U7PMOQVXQQH3NGOCHQ&issuer=Example&algorithm=SHA1&digits=6&period=30
(You can use OTP.getURL() to get the otpauth:// URL too.)
After user scans the image with their mobile app...
// Get User's input code for a login...
String userEnteredCode = "123456";
// Verify OTP
if(OTP.verify(secret, userEnteredCode, 6, Type.TOTP)) {
// Code valid. Login successful.
}Details
This code currently supports the standard HMAC-based or Time-based algorithms. for one-time passwords.
It was started as an easy way to enable 2-Factor Authentication for Java based web applications, but it can be applied to other Java applications as well.
Credit
A project by Austin Delamar based off of Kamron Zafar's work and other contributors.
If you'd like to contribute, feel free to fork and make changes, then open a pull request to master branch.
License
Apache 2.01 QR code standard is trademarked by Denso Wave, Inc.