PyOTP: One Time Password Library
I was always curious to know how two-factor authentication can be implemented. So, after many Google searches and blogs, I got to know PyOTP. PyOTP is a Python library which can generate and verify one-time passwords. It can be used to implement two-factor or multi-factor (MFA) authentication.
As developers we should make sure to follow the checklist below, which is also mentioned in the PyOTP documentation:
- Ensure transport confidentiality by using HTTPS
- Ensure HOTP/TOTP secret confidentiality by storing secrets in a controlled access database
- Deny replay attacks by rejecting one-time passwords that have been used by the client
- Throttle (rate limit) brute-force attacks against your application’s login functionality
- When implementing a “greenfield” application, consider supporting FIDO U2F/WebAuthn in addition to HOTP/TOTP.
Let's do some implementation:
# import the pyotp library
import pyotp
# Generate a random base32-encoded secret (32 characters by default); this is the shared secret for this user
key = pyotp.random_base32()
# This gives us an otpauth:// URI which is useful for generating the QR code
qr = pyotp.totp.TOTP(key).provisioning_uri('vaibhav.mishra2069@gmail.com')
print(qr)
Printing qr gives a value like otpauth://totp/vaibhav.mishra2069%40gmail.com?secret=A3OBQV1TQOE2BGKF23LDBVOLHKCS64IQ
Now we can append this URI to the Google Chart URI to generate the QR code.
Google Chart URI: https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=
So the final URI is:
https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/vaibhav.mishra2069%40gmail.com?secret=A3OBQV1TQOE2BGKF23LDBVOLHKCS64IQ
Now we can scan the QR code with any authenticator app, like Google Authenticator. After a successful scan it gives us a 6-digit code, which we can then verify on the server as the second factor.
# enter the value received after scanning the QR code
enter_value = input("Enter the code shown in your authenticator app: ")
# TOTP object built from the same secret that was used to generate the QR code
value_to_verify = pyotp.TOTP(key)
# verify the code against the current time step
if value_to_verify.verify(enter_value):
    print("Hurray! You did it")
else:
    print("Ahh! Wrong try")
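As an added example (not code from this post and not PyOTP's own), the block below rebuilds the same flow with only the Python standard library so it runs without pyotp: HOTP/TOTP per RFC 4226/6238, the otpauth:// provisioning URI, and a server-side verifier that covers two items from the checklist at the top, rejecting replayed codes and rate-limiting failed attempts. The secret is the published RFC 6238 test vector, and the account name, the TotpVerifier class and its thresholds are hypothetical choices for illustration.

```python
"""Added example: stdlib TOTP plus the replay and rate-limit checks from the PyOTP checklist."""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

# RFC 4226/6238 reference secret "12345678901234567890", base32-encoded.
# Constructed test value only; a real deployment generates a fresh random secret per user.
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32, counter, digits=6):
    """HMAC-SHA1 one-time password for a given counter (RFC 4226)."""
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)  # restore base32 padding if stripped
    key = base64.b32decode(padded, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32, for_time=None, step=30, digits=6):
    """Time-based code (RFC 6238): HOTP over the number of `step`-second intervals since the epoch."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret_b32, int(for_time) // step, digits)


def provisioning_uri(secret_b32, account, issuer=None):
    """otpauth:// URI in the Key URI format that authenticator apps import from a QR code."""
    label = quote(account) if issuer is None else quote(issuer) + ":" + quote(account)
    uri = "otpauth://totp/%s?secret=%s" % (label, secret_b32)
    if issuer is not None:
        uri += "&issuer=" + quote(issuer)
    return uri


class TotpVerifier:
    """Server-side verification with replay rejection and brute-force throttling (hypothetical helper)."""

    def __init__(self, secret_b32, step=30, valid_window=1, max_failures=5, lockout_seconds=300):
        self.secret = secret_b32
        self.step = step
        self.valid_window = valid_window        # accept +/- this many steps of clock drift
        self.max_failures = max_failures        # failed attempts allowed per lockout window
        self.lockout_seconds = lockout_seconds
        self.last_used_counter = -1             # highest time-step already consumed (replay guard)
        self.failures = []                      # timestamps of recent failed attempts (rate limit)

    def verify(self, code, now=None):
        """Return 'ok', 'invalid', 'replayed' or 'rate_limited'."""
        now = time.time() if now is None else now
        self.failures = [t for t in self.failures if now - t < self.lockout_seconds]
        if len(self.failures) >= self.max_failures:
            return "rate_limited"               # refuse before doing any comparison at all
        submitted = code.strip().encode()
        counter = int(now) // self.step
        for c in range(counter - self.valid_window, counter + self.valid_window + 1):
            if c >= 0 and hmac.compare_digest(hotp(self.secret, c).encode(), submitted):
                if c <= self.last_used_counter:
                    return "replayed"           # each code is good for exactly one login
                self.last_used_counter = c
                return "ok"
        self.failures.append(now)
        return "invalid"


if __name__ == "__main__":
    print(provisioning_uri(RFC_SECRET_B32, "alice@example.com", "ExampleApp"))
    v = TotpVerifier(RFC_SECRET_B32)
    print(totp(RFC_SECRET_B32, 59), v.verify("287082", now=59), v.verify("287082", now=59))
```

The verifier keeps the highest accepted time-step per user, so a sniffed code cannot be submitted a second time even inside the drift window, and it counts failures before comparing anything so a lockout costs no HMAC work. In a real service both values live in the user record in the database rather than in memory; if you embed the otpauth:// URI inside another URL's query string, as the Google Chart link above does, percent-encode it first (urllib.parse.quote(uri, safe="")) so its own "?" and "=" characters survive.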
Enjoy, happy coding! Suggestions are welcome :-)