MAJOR BEHAVIOR CHANGE IN 3.1.0: Explanation of Changes from 3.0 to 3.1
RFC4226/RFC6238 One-Time Password / Google Authenticator Library
Features:
- Generate TOTP (RFC6238) and HOTP (RFC4226) codes.
- Annotated source code
pub.dartlang.org: (you can use 'any' instead of a version if you just want the latest always)
dependencies:
otp: 3.1.2
import 'package:otp/otp.dart';
Start generating tokens.
// Generate TOTP code. (String versin of function incase of leading 0)
OTP.generateTOTPCodeString("JBSWY3DPEHPK3PXP", 1362302550000); // -> '505548'
// Generate HOTP Code.
OTP.generateHOTPCodeString("JBSWY3DPEHPK3PXP", 7); // -> '006676'
This library does not support any other secret input other than Base32. It is what is used standard most places, and by Google Authenticator. If your secrets are not Base32 forms, please use my Base32 library (the one I use as a dependency for this library) or any other base32 library to encode your secret before passing it into the functions. All generate functions force decode of Base32.
useTOTPPaddingForHOTP
(bool, default: false)
Uses the TOTP padding method for handling secrets bigger or smaller than the mandatory sizes for SHA256/SHA512.
This is needed as HOTP does not have an official method of using SHA256 or SHA512 in the RFC spec and most libraries don't pad HOTP for use with SHA256 or SHA512. (examples: otplib and speakeasy from Node.js)
If you enable this, it will use the same padding as TOTP (repeating the secret to the right length) but might cause incompatibilies with other libraries. I am defaulting to no padding, as this is the predominant behavior I am finding for HOTP.
OTP.generateTOTPCode(String secret, int currentTime, {int length: 6, int interval: 30, Algorithm algorithm: Algorithm.SHA256, bool isGoogle: false})
Generate a code for the provided secret and time.
secret
- (String) A Base32 String.currentTime
- (int) The current time in milliseconds.length
- (int) The length of the resulting code.interval
- (int) Refresh interval to get a new code.algorithm
- (Algorithm) Hashing method.isGoogle
- (bool) flag to turn off secret padding for Google Auth.
Returns an int
code. Does not preserve leading zeros.
OTP.generateTOTPCodeString(String secret, int currentTime, {int length: 6, int interval: 30, Algorithm algorithm: Algorithm.SHA256, bool isGoogle: false})
Generate a code for the provided secret and time.
secret
- (String) A Base32 String.currentTime
- (int) The current time in milliseconds.length
- (int) The length of the resulting code.interval
- (int) Refresh interval to get a new code.algorithm
- (Algorithm) Hashing method.isGoogle
- (bool) flag to turn off secret padding for Google Auth.
Returns an String
code. Preserves leading zeros.
Generate a code for the provided secret and time.
secret
- (String) A Base32 String.counter
- (int) An int counter.length
- (int) the length of the resulting code.
Returns an int
code. Does not preserve leading zeros
Generate a code for the provided secret and time.
secret
- (String) A Base32 String.counter
- (int) An int counter.length
- (int) the length of the resulting code.
Returns an String
code. Preserves leading zeros
!DISCLAIMER! I can only get this to be within 1 millisecond between different codes and same codes. I have yet to get them to be equal. but 1 millisecond should be an OK room for error though.
Compares 2 codes in constant time to minimize risk of timing attacks.
code
- (String) A Base32 String.othercode
- (String) A Base32 String.
Returns an bool
if they match or not.
This will return the remaining seconds based on the lastUsedTime
variable, that is only set when using generateTOTP*
functions.
interval
- (int) The interval you are using for your codes, defaults to the standard 30 seconds.
Returns an int
of the remaining seconds.
pub run test
See CHANGELOG.md