Skip to content
/ hotpweb Public

A simple Revel web app demonstration OATH-HOTP one-time passwords with Google Authenticator.

License

Notifications You must be signed in to change notification settings

gokyle/hotpweb

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

hotpweb

This is a simple web app that demonstrates OATH-HOTP one-time passwords. It uses the hotp package to provide the codes.

When you pull up the app for the first time, it will ask for your name. Then, it will present you with a QR code that you should scan in with the Google Authenticator app. Once it's loaded, you can start trying to enter codes to see it in action.

Running the app

go get github.com/robfig/revel
go get github.com/gokyle/hotpweb
revel run github.com/gokyle/hotpweb

By default, the app runs on 127.0.0.1:8080

Notes

  • I didn't want to require people to set up a database to use the demo, so the key values are stored in the session. In practice, this is an incredibly bad idea. The hotp godocs have some notes on storing the key values in practice.

  • This only works with the Google Authenticator app. It wouldn't be too hard to adapt it for YubiKeys programmed in OATH-HOTP mode, but that was more work than I wanted to put into this. The hotp package does have a method for handling YubiKeys, though.

License

Copyright (c) 2013 Kyle Isom [email protected]

Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

About

A simple Revel web app demonstration OATH-HOTP one-time passwords with Google Authenticator.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published