pyauth / pyotp

Python One-Time Password Library
https://pyauth.github.io/pyotp/
Other
3.03k stars 326 forks source link

Can PyOTP be integrated with Duo? #122

Closed mave89 closed 2 years ago

mave89 commented 3 years ago

Hi,

I can see that PyOTP integrates well with Google Authenticator and Authy. I have a use case where I want PyOTP to work with Duo but I haven't found any docs on that. So I wanted to ask the community about it. Any insights on this are much appreciated!

Best,

Faiz

kislyuk commented 2 years ago

Hello, thank you for your interest in PyOTP.

PyOTP does not directly support any specific authenticator applications. Instead, as noted in the PyOTP documentation, PyOTP supports open standards including TOTP, HOTP, and the OTP URI convention.

Please refer to the documentation of the app in question to check if it supports TOTP or HOTP.

mcoirad commented 1 year ago

For anyone wondering Duo supports HOTP but doesn't support using an authenticator solution other than their own apps. Funnily enough they allow people to use their app for other authentication systems but not vice-versa. Great business model. You'll have to find a way of getting the actual HOTP key from Duo somehow -- I have not yet gone through their app to see how it is getting the base32 string from the QR code they give you.

One workaround for stuff involving Duo (that is beyond the scope of this project) can be emulating a hardware security key (which Duo does support) using something like Virtual FIDO. Probably not great security wise but if all you care about is cracking Duo it is a convenient solution.