Light

ericlewis / thotp Goto Github PK

View Code? Open in Web Editor NEW

15.0 3.0 3.0 151 KB

Time-base & HMAC-based one-time password generator for iOS, tvOS, watchOS, and macOS

License: MIT License

Swift 97.42% Ruby 2.58%

swift-library swift watchos tvos macos ios cryptokit swift5-1 ipados otpauth otp otp-generator totp hotp

thotp's Introduction

Installation • Usage • Documentation • License • Issues • Pull Requests

TOTP & HOTP generator for iOS, tvOS, watchOS, and macOS

Pure Swift implementation of time-based and HMAC-based one-time password generators. Heavily inspired by the OneTimePassword library from @mattrubin. Protocol based design, so you won't find any subclasses here.

Installation

THOTP can be installed via Swift Package Manager.

Supported platforms are iOS (13.0+), tvOS (13.0+), watchOS (6.0+), and macOS (10.15+).

Swift Package Manager

The easiest integration is to use the built in package manager tools in Xcode 11.0+. You can also do it manually.

Add the following as a dependency to your Package.swift:

.package(url: "https://github.com/ericlewis/THOTP.git", .upToNextMajor(from: "1.0.0"))

After specifying THOTP as a dependency of the target in which you want to use it, run:

swift package update

Usage

By default, this includes basic concrete types for Password & Generators. If you are interested in persistence, there are a couple of options to choose from:

Implement PasswordProtocol with your own concrete type, such as NSManagedObject
Use Valet-THOTP, which adds extensions + a new concrete type for easily persisting using Valet

Basic

The simplest usage is to parse a URL. THOTP is compatible with Google Authenticator's URI Scheme.

let password = try? Password(url: URL(string: "otpauth://totp/test?secret=GEZDGNBV")!)
print(password.currentPassword) // 123321

Documentation

Docs are generated with jazzy & can be found here. The process is currently manual, so it's possible for documentation to be out of date. Tests are a great way to see how to use this library.

License

This library is released under the MIT License. See LICENSE for details.

thotp's People

Contributors

Stargazers

Watchers

Forkers

dlevi309 goppinath ftahmed

thotp's Issues

URL Parsing

Open Source URL+QueryItems package
Add throwable initializer to PasswordProtocol with URL arg
Add absoluteURL extension to PasswordProtocol
Add functioning initializer to Password

Usage

Show a quick & dirty example, url deserialization or some such.

Extract the issuer parameter either from the issuer prefix of the label or the issuer parameter to keep the backwards compatibility

As mentioned in this specification:

The issuer parameter is a string value indicating the provider or service this account is associated with, URL-encoded according to RFC 3986. If the issuer parameter is absent, issuer information may be taken from the issuer prefix of the label. If both issuer parameter and issuer label prefix are present, they should be equal.

The current implementation is extracting the issuer parameter only from the issuer prefix of the label.

The update should extract the issuer either from the issuer parameter or issuer label prefix by satisfying the condition, If both issuer parameter and issuer label prefix are present, they should be equal.

Backward compat

It’s theoretically possible to make this lib backwards compat with most Apple platform versions (and probably Linux too). The major work is swapping the crypto function. Which literally only generates an HMAC. Might be worth doing.

Wrong padding direction, trailing instead of leading

For example, for the truncated hash 78017 the generated token should be 078017. The current implementation padding the zero at the end instead of in the beginning is as follows.

return String(truncatedHash).padding(toLength: digits, withPad: "0", startingAt: 0)

The original OneTimePassword implements this clearly as follows.

return [NSString stringWithFormat:@"%0*ld", (int)self.digits, pinValue];

Cocoapods Support

Extend the API to cover all use cases to grab the issuer parameter from the URL

The issuer parameter can be determined from the URL either by splitting it from the name portion of the query item. The default behaviour is described here.

Even though, some special cases like Microsoft login QR-Codes need to be handled differently than the default.

The library must be extended to cover all use cases without breaking the default behaviour.

Carthage support

Add Cartfile
Add Installation Directions

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.