django-otp (part-II)
In my previous article, I discussed 2 different types of OTP and the basics of generating an OTP with django-otp. In this article I am going to write about creating a TOTP object and using that to generate and verify a token.
Let’s create a class TOTPVerification
. Check this code below. You can run it and check for yourself. I have included comments for a better understanding of the program.
There are 4 main steps involved:
1) Create a TOTP
object.
2) Use that object to generate the token.
3) Take user input.
4) Verify the token
You can check the source code for TOTP
from the django-otp repository here.
TOTP
class has 4 main methods:
1) TOTP.t()
— It returns the time based counter.
2) TOTP.time()
— It returns current time in seconds, time.time()
by default.
3) TOTP.token()
— It is the computed the token. It calls hotp()
method, by
passing 3 parameters:
i)key — It is the secret key.
ii)t —Time based counter.
iii)digits — Number of digits in a token.
4) TOTP.verify()
— It takes 2 parameters:
i) token
— This is the token which will be verified.
ii) tolerance
— This parameter allows us to verify a token which has already expired.
You can check the code that I used in my project here.
I hope this helped. Let me know if there are any doubts. :)