search

xlzd / gotp

Golang OTP(One-Time Password) Library.
MIT License
475 stars 66 forks source link

request help: `NowWithExpiration` changes the `secret` #20

Closed jwrookie closed 2 years ago

jwrookie commented 2 years ago 
package main

import (
    "fmt"
    "github.com/xlzd/gotp"
    "strings"
)

func main() {
    secret := gotp.RandomSecret(16)
    totp := gotp.NewDefaultTOTP(secret)

    fmt.Println(totp.NowWithExpiration())
    fmt.Println(totp.OTP)

    url := totp.ProvisioningUri("jw", "jwrookie")
    fmt.Println(url)
}

---------------output--------------- 440823 1651462380 {ZOTQH5DBJ5RML7W4D24F2F5HDE====== 6 0xc0000a4018} otpauth://totp/jwrookie:jw?issuer=jwrookie&secret=ZOTQH5DBJ5RML7W4D24F2F5HDE%3D%3D%3D%3D%3D%3D

---------------expectations--------------- 440823 1651462380 {ZOTQH5DBJ5RML7W4D24F2F5HDE 6 0xc0000a4018} otpauth://totp/jwrookie:jw?issuer=jwrookie&secret=ZOTQH5DBJ5RML7W4D24F2F5HDE

mergenchik commented 2 years ago

Actually secret is changed in func (o *OTP) byteSecret() which is called in func (o *OTP) generateOTP and this change is just adding base64 padding since secret is stored in base64 encoding.

jwrookie commented 2 years ago

Yes, but the URI cannot be used directly after padding, let the user solve it?