j256/two-factor-auth

Two Factor Authentication Java code implementing the Time-based One-time Password Algorithm

Download

Step 1. Add the JitPack repository to your build file

Add it in your root settings.gradle at the end of repositories:

	dependencyResolutionManagement {
		repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
		repositories {
			mavenCentral()
			maven { url 'https://jitpack.io' }
		}
	}

Add it in your settings.gradle.kts at the end of repositories:

	dependencyResolutionManagement {
		repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
		repositories {
			mavenCentral()
			maven { url = uri("https://jitpack.io") }
		}
	}

Add to pom.xml

	<repositories>
		<repository>
		    <id>jitpack.io</id>
		    <url>https://jitpack.io</url>
		</repository>
	</repositories>

Add it in your build.sbt at the end of resolvers:

 
    resolvers += "jitpack" at "https://jitpack.io"

Add it in your project.clj at the end of repositories:

 
    :repositories [["jitpack" "https://jitpack.io"]]

Step 2. Add the dependency

	dependencies {
		implementation 'com.github.j256:two-factor-auth:two-factor-auth-1.3'
	}
	dependencies {
		implementation("com.github.j256:two-factor-auth:two-factor-auth-1.3")
	}
	<dependency>
	    <groupId>com.github.j256</groupId>
	    <artifactId>two-factor-auth</artifactId>
	    <version>two-factor-auth-1.3</version>
	</dependency>

                            
    libraryDependencies += "com.github.j256" % "two-factor-auth" % "two-factor-auth-1.3"
        
        

                            
    :dependencies [[com.github.j256/two-factor-auth "two-factor-auth-1.3"]]

Readme

Two (2) Factor Authentication (2FA) Java Code

2 Factor Authentication (2FA) Java code which used the Time-based One-time Password (TOTP) algorithm. You can use this code with the Google Authenticator mobile app or the Authy mobile or browser app.

To get this to work you:

  1. Use generateBase32Secret() to generate a secret key in base-32 format for the user. For example: "NY4A5CPJZ46LXZCP"
  2. Store the secret key in the database associated with the user account.
  3. Display the QR image URL returned by qrImageUrl(...) to the user. Here's a sample which uses GoogleAPIs:
    Sample QR Image
  4. User uses the image to load the secret key into his authenticator application.

Whenever the user logs in:

  1. The user enters the number from the authenticator application into the login form on the web server.
  2. The web server reads the secret associated with the user account from the database.
  3. The server compares the user input with the output from generateCurrentNumberString(...).
  4. If they are equal then the user is allowed to log in.

For more details, see the example program.

Maven Configuration

<dependencies>
	<dependency>
		<groupId>com.j256.two-factor-auth</groupId>
		<artifactId>two-factor-auth</artifactId>
		<version>1.3</version>
	</dependency>
</dependencies>

ChangeLog Release Notes

See the ChangeLog.txt file.