Python bindings for OATH Toolkit¶
This package is a set of Python bindings for the OATH Toolkit library. Please note that it is OATH (open authentication, e.g., one-time passwords) and not OAuth (an open standard for authorization).
Features¶
- Runs on a variety of Python versions/implementations
- QR code generator, compatible with apps like Google Authenticator
- Integration with WTForms
- Integration with Django via
django-otp
Usage¶
To generate a time-based one-time password (TOTP):
from oath_toolkit import TOTP
from time import time
digits = 6
time_step = 30
oath = TOTP(b'secret key', digits, time_step)
one_time_password = oath.generate(time())
To validate a HMAC-based one-time password (HOTP):
from oath_toolkit import HOTP
from oath_toolkit.exc import OATHError
def verify(otp, counter):
digits = 6
oath = HOTP(b'secret key', digits)
try:
return oath.verify(otp, counter)
except OATHError:
return False
For an explanation of terms like time_step
and counter
, refer to the
API documentation.
More complex examples can be found in the examples/
directory, which
includes a port of the command-line app oathtool
, a sample Django project,
and a simple Flask app which shows how WTForms integration works.
Table of Contents¶
License¶
Unless otherwise noted in the respective files, the code is licensed under the Apache License 2.0. The otherwise-licensed files have the requisite separate license details. Specifically:
oath_toolkit/django_otp/hotp/tests.py
andoath_toolkit/django_otp/totp/tests.py
are originally licensed under the two-clause BSD license.examples/django/example/forms.py
is originally licensed under the MIT license.
The documentation is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0).