brockallen / BrockAllen.MembershipReboot

MembershipReboot is a user identity management and authentication library.

New Feature: Add HMAC-Based One-time Password (HOTP) and Time-based One-time Password (TOTP) support #544

Closed DavidChristiansen closed 7 years ago

DavidChristiansen commented 9 years ago

I have added support for the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238 to enable the use of Microsoft and Google Authenticator as a 2FA mechanism.

Please assign to me if you want this feature brought back into GitHub.

ticket originally created in error here

brockallen commented 9 years ago

For 2fa codes? Not sure how much effort this would be to rework MR's semantics around this... but you're saying you did this already?

DavidChristiansen commented 9 years ago

I have a rough working prototype which I am planning on completing and making releasable. You interested? Do you think there would be a demand for this feature?

brockallen commented 9 years ago

I think having an option for something other than SMS is great. Maybe we can chat over Skype and see what you have.

DavidChristiansen commented 9 years ago

Working Time-based One-time Password example ready to demonstrate.

Configuring Authenticator

User clicks "Configure Authenticator"

Step by Step

User adds Membership Reboot Sample to authenticator app, and tells the sample the code generated by Authenticator. This is confirmed and user is good to go.

New two factor auth option


So, once logged out again

Logged Out

Being prompted to identify the code from authenticator

Google Authenticator

Signed in!

Checked into my fork / branch -- https://github.com/DavidChristiansen/BrockAllen.MembershipReboot/tree/feature/RFC-6238

DavidChristiansen commented 9 years ago

Once we have talked this over, I think I can strip out the CSS changes etc. so a PR is purely RFC-6238 (unless you want the UI changes as well).

brockallen commented 9 years ago

I just got back from holiday, so you'll have to give me some time to get to this. Thx.

ericlink commented 8 years ago

It seems the fork @ https://github.com/DavidChristiansen/BrockAllen.MembershipReboot/tree/feature/RFC-6238 is no longer there... has it moved somewhere, or is there another implementation of TOTP somewhere else?

Thanks, - Eric

DavidChristiansen commented 8 years ago

Hi Eric, the PR was resubmitted under #594 - needs to be updated in line with recent changes but it's all there. Brock and I just need to sit down for an hour to go through it before it goes in.

ericlink commented 8 years ago

Ah great, thanks David! We are doing a two factor project, and this is something we'll want to add. It's great it's so close. If we get to that point before you've gotten to it, I'll be happy to help. Until then, we're just working hard to get version one of our project going...

hanskhe commented 7 years ago

Any idea about when this might be completed? It is a feature we would love to have in our system, as SMS-delivery is not very reliable in all corners of the world.

DavidChristiansen commented 7 years ago

@hanskhe https://twitter.com/dchristiansen/status/836609064981446656

DavidChristiansen commented 7 years ago

Implemented to Dev branch