otp
#
Description#
This plugin can be used to generate OTP (One-Time Password) codes compatible with Google Authenticator and other 2FA (Two-Factor Authentication) applications.
Configuration#
otp:
# [Optional]
# Base32-encoded secret to be used for password generation.
# secret: # type=Optional[str]
# [Optional]
# If no secret is provided statically, then it will be read from this path
# (default: ``~/.local/share/platypush/otp/secret``). If no secret is found then one will be
# generated.
# secret_path: # type=Optional[str]
# [Optional]
# If you want to use the Google Authenticator, you can specify the default
# email address to associate to your OTPs for the provisioning process here.
# provisioning_name: # type=Optional[str]
# [Optional]
# If you want to use the Google Authenticator, you can specify the default
# issuer name to display on your OTPs here.
# issuer: # type=Optional[str]
Dependencies#
pip
pip install pyotp
Alpine
apk add py3-otp
Debian
apt install python3-pyotp
Fedora
yum install python-pyotp
Arch Linux
pacman -S python-pyotp
Actions#
Module reference#
- class platypush.plugins.otp.OtpPlugin(secret: str | None = None, secret_path: str | None = None, provisioning_name: str | None = None, issuer: str | None = None, **kwargs)[source]#
Bases:
Plugin
This plugin can be used to generate OTP (One-Time Password) codes compatible with Google Authenticator and other 2FA (Two-Factor Authentication) applications.
- __init__(secret: str | None = None, secret_path: str | None = None, provisioning_name: str | None = None, issuer: str | None = None, **kwargs)[source]#
- Parameters:
secret – Base32-encoded secret to be used for password generation.
secret_path – If no secret is provided statically, then it will be read from this path (default:
~/.local/share/platypush/otp/secret
). If no secret is found then one will be generated.provisioning_name – If you want to use the Google Authenticator, you can specify the default email address to associate to your OTPs for the provisioning process here.
issuer – If you want to use the Google Authenticator, you can specify the default issuer name to display on your OTPs here.
- generate_secret() str [source]#
Generate a new secret token for key generation.
- Returns:
The new secret token.
- get_counter_otp(count: int, secret: str | None = None, secret_path: str | None = None) str [source]#
- Parameters:
count – Index for the counter-OTP.
secret – Secret token to be used (overrides configured
secret
).secret_path – File containing the secret to be used (overrides configured
secret_path
).
- Returns:
A count-based token, as a string.
- get_time_otp(secret: str | None = None, secret_path: str | None = None) str [source]#
- Parameters:
secret – Secret token to be used (overrides configured
secret
).secret_path – File containing the secret to be used (overrides configured
secret_path
).
- Returns:
A time-based token, as a string.
- provision_counter_otp(name: str | None = None, issuer: str | None = None, initial_count=0, secret: str | None = None, secret_path: str | None = None) str [source]#
Generate a provisioning URI for a counter-OTP that can be imported in Google Authenticator.
- Parameters:
name – Name or e-mail address associated to the account used by the Google Authenticator. If None is specified then the value will be read from the configured
provisioning_name
.issuer – Name of the issuer of the OTP (default: default configured
issuer
or None).initial_count – Initial value for the counter (default: 0).
secret – Secret token to be used (overrides configured
secret
).secret_path – File containing the secret to be used (overrides configured
secret_path
).
- Returns:
Generated provisioning URI.
- provision_time_otp(name: str | None = None, issuer: str | None = None, secret: str | None = None, secret_path: str | None = None) str [source]#
Generate a provisioning URI for a time-OTP that can be imported in Google Authenticator.
- Parameters:
name – Name or e-mail address associated to the account used by the Google Authenticator. If None is specified then the value will be read from the configured
provisioning_name
.issuer – Name of the issuer of the OTP (default: default configured
issuer
or None).secret – Secret token to be used (overrides configured
secret
).secret_path – File containing the secret to be used (overrides configured
secret_path
).
- Returns:
Generated provisioning URI.
- refresh_secret(secret_path: str | None = None) str [source]#
Refresh the secret token for key generation given a secret path.
- Parameters:
secret_path – Secret path to refresh (default: default configured path).
- verify_counter_otp(otp: str, count: int, secret: str | None = None, secret_path: str | None = None) bool [source]#
Verify a code against a stored counter-OTP.
- Parameters:
otp – Code to be verified.
count – Index for the counter-OTP to be verified.
secret – Secret token to be used (overrides configured
secret
).secret_path – File containing the secret to be used (overrides configured
secret_path
).
- Returns:
True if the code is valid, False otherwise.
- verify_time_otp(otp: str, secret: str | None = None, secret_path: str | None = None) bool [source]#
Verify a code against a stored time-OTP.
- Parameters:
otp – Code to be verified.
secret – Secret token to be used (overrides configured
secret
).secret_path – File containing the secret to be used (overrides configured
secret_path
).
- Returns:
True if the code is valid, False otherwise.