AuthenticationKit.TwoFactorProfile

This is the class responsible for creating and validating time-based one-time passwords (TOTPs).

Be aware that the most popular authenticator, Google Authenticator, does not respect most changes to the default properties. Google Authenticator will still read a provisioning URI with non-default values, but will not generate matching codes. For this reason, it is recommended that all properties be left at their default values.

Constructors

Secret As Xojo.Core.MemoryBlock

The unencoded secret shared between the server and the user.

Methods

Function GenerateCode () As UInteger

Generate a password for the current time.

Function GenerateCode (AtTime As Xojo.Core.Date) As UInteger

Generate a password for the time provided by AtTime.

Function ProvisioningURI (Label As Text, Issuer As Text = "") As Text

Create a provisioning URI that can be consumed by an authenticator. This is commonly encoded into a QR code that can be read by a device's camera.

Label is usually the account name to be associated with the profile. Issuer is the website or company issuing the profile. Although the Issuer is not required, it is strongly recommended.

Function Secret () As Xojo.Core.MemoryBlock

The unencoded secret key used to generate unique codes.

Function VerifyCode (Code As UInteger) As Boolean

Verify that Code is valid for the current time. Also checks both the previous code and next code to help alleviate clock synchronization and other user timing issues.

Properties

Digest As Xojo.Crypto.HashAlgorithms

The hash algorithm that should be used. Valid values are SHA-1, SHA-256, and SHA-512. Other values will trigger a Xojo.Core.InvalidArgumentException. Default is SHA-1. Google Authenticator ignores this value and uses SHA-1 instead.

Digits As UInteger

The number of digits of the generated passwords. Valid values are 6 and 8. Other values will trigger a Xojo.Core.InvalidArgumentException. Default is 6. Google Authenticator ignores this value and uses 6 instead.

Period As Xojo.Core.DateInterval

The number of seconds each password should be valid for. Default is 30. Google Authenticator ignores this value and uses 30 instead.
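
The behaviour documented above, as an added Python example that is not AuthenticationKit's own code: RFC 6238 code generation, the previous/current/next check described for VerifyCode, and an otpauth:// key URI. It assumes the class follows RFC 6238 and the common otpauth:// parameter names; the function names and the sample secret are constructed for illustration, and the last function checks whether an authenticator that only implements the defaults would still show a matching code.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote, urlencode

def generate_code(secret, at_time, digest="sha1", digits=6, period=30):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the count of periods since the epoch."""
    counter = int(at_time) // period
    mac = hmac.new(secret, struct.pack(">Q", counter), getattr(hashlib, digest)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return value % 10 ** digits

def verify_code(secret, code, at_time=None, **profile):
    """Accept the previous, current and next period's code, as VerifyCode is described."""
    now = time.time() if at_time is None else at_time
    period = profile.get("period", 30)
    ok = False
    for step in (-1, 0, 1):
        t = now + step * period
        if t < 0:
            continue
        expected = generate_code(secret, t, **profile)
        # Compare every candidate in constant time; no early exit on a match.
        ok |= hmac.compare_digest(f"{expected:010d}", f"{code:010d}")
    return ok

def provisioning_uri(secret, label, issuer="", digest="sha1", digits=6, period=30):
    """otpauth:// key URI; the secret is Base32-encoded without padding."""
    query = {"secret": base64.b32encode(secret).decode().rstrip("="),
             "algorithm": digest.upper(), "digits": digits, "period": period}
    if issuer:
        query["issuer"] = issuer
    return "otpauth://totp/" + quote(label) + "?" + urlencode(query)

def default_only_authenticator_matches(secret, at_time, **profile):
    """True if an app that ignores the profile and uses the defaults shows the same code."""
    return generate_code(secret, at_time) == generate_code(secret, at_time, **profile)

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample: the RFC 6238 SHA-1 test key
    print(provisioning_uri(secret, "alice@example.com", "Example"))
    print(f"{generate_code(secret, 59):06d}")
    print(default_only_authenticator_matches(secret, 59, digits=8))
```

With the default 30-second period, accepting the previous and next codes means a single code can verify for roughly 90 seconds.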