Home

Awesome

Build Status coveralls.io hex.pm

POT

Introduction

POT is an Erlang library for generating one time passwords. It supports both HMAC-based one time passwords (HOTP) and time based ones (TOTP). The generated passwords are based on RFC 4226 and RFC 6238, compatible with Google Authenticator.

POT is an almost direct translation of the Python OneTimePass library.

POT should work with any recent version of Erlang/OTP, Elixir, and other Erlang VM based languages.

In order to learn more about one time password generation, see the following Wikipedia articles:

Version History

2021-08-07

2021-03-28

2020-09-15

2020-03-08

2019-10-16

2019-08-03

2019-07-09

2018-02-12

2017-08-04

2016-07-30

2015-01-20

2015-01-18

Usage

See the sections below on using pot in your Erlang and Elixir project.

Erlang

We recommend using rebar3 for managing dependencies and building the library. POT is available on hex.pm, so you can just include the following in your rebar.config:

{deps, [pot]}.

See the Erlang examples

Elixir

Include POT in your mix.exs as a dependency:

defp deps do
    [{:pot, "~> 1.0"}]
end

<a id="function-ref"></a>Function Reference

The functions below refer to the following common parameters:

ParameterType
Intervalinteger
Secretstring*
Tokenstring*

*Note: for Erlang uses of pot, all strings should be in binary() format.

Token Generation Functions

hotp/2,3

Generate an RFC 4226 compatible HOTP token.

Erlang:

pot:hotp(Secret, Interval) -> Token
pot:hotp(Secret, Interval, Options) -> Token

Elixir:

:pot.hotp(Secret, Interval) -> Token
:pot.hotp(Secret, Interval, Options) -> Token

The following Options are allowed:

OptionTypeDefault
digest_methodatomsha
token_lengthinteger > 06

totp/1,2

Generate an RFC 6238 compatible TOTP token.

Erlang:

pot:totp(Secret) -> Token
pot:totp(Secret, Options) -> Token

Elixir:

:pot.totp(Secret) -> Token
:pot.totp(Secret, Options) -> Token

The following Options are allowed:

OptionTypeDefault/Reference
addwindowinteger0
digest_methodatomfrom hotp/2,3
interval_lengthinteger > 030
timestamptimestampos:timestamp()
token_lengthinteger > 0from hotp/2,3

Token Validation Functions

valid_token/1,2

Validate that a given Token has the correct format (correct length, all digits).

Erlang:

pot:valid_token(Token) -> Boolean
pot:valid_token(Token, Options) -> Boolean

Elixir:

:pot.valid_token(Token) -> Boolean
:pot.valid_token(Token, Options) -> Boolean

The following Options are allowed:

OptionTypeDefault/Reference
token_lengthinteger > 0from hotp/2,3

valid_hotp/2,3

Validate an RFC 4226 compatible HOTP token. Returns true if the Token is valid.

Erlang:

pot:valid_hotp(Token, Secret) -> Boolean
pot:valid_hotp(Token, Secret, Options) -> Boolean | {true, interval()}

Elixir:

:pot.valid_hotp(Token, Secret) -> Boolean
:pot.valid_hotp(Token, Secret, Options) -> Boolean | {true, interval()}

The following Options are allowed:

OptionTypeDefault/Reference
digest_methodatomfrom hotp/2,3
lastinteger1
return_intervalbooleanfalse
token_lengthinteger > 0from hotp/2,3
trialsinteger > 01000

valid_totp/2,3

Validate an RFC 6238 compatible TOTP token. Returns true if the Token is valid.

Erlang:

pot:valid_totp(Token, Secret) -> Boolean
pot:valid_totp(Token, Secret, Options) -> Boolean

Elixir:

:pot.valid_totp(Token, Secret) -> Boolean
:pot.valid_totp(Token, Secret, Options) -> Boolean

The following Options are allowed:

OptionTypeDefault/Reference
addwindowintegerfrom totp/1,2
digest_methodatomfrom hotp/2,3
interval_lengthinteger > 0from totp/1,2
timestamptimestampfrom totp/1,2
token_lengthinteger > 0from hotp/2,3
windowinteger > 00

Examples (Erlang)

POT works with binary tokens and secrets.

Create a time based token

Secret = <<"MFRGGZDFMZTWQ2LK">>,
Token = pot:totp(Secret),
% Do something with the token

Create an HMAC based token

Secret = <<"MFRGGZDFMZTWQ2LK">>,
CurrentTrial = 3,
Token = pot:hotp(Secret, CurrentTrial),
% Do something with the token

Check some time based token

Secret = <<"MFRGGZDFMZTWQ2LK">>,
Token = <<"123456">>,
IsValid = pot:valid_totp(Token, Secret),
% Do something

Check some HMAC based token

Secret = <<"MFRGGZDFMZTWQ2LK">>,
Token = <<"123456">>,
LastUsed = 5,  % last successful trial
IsValid = pot:valid_hotp(Token, Secret, [{last, LastUsed}]),
% Do something

Alternatively, to get the last interval from a validated token:

Secret = <<"MFRGGZDFMZTWQ2LK">>,
Token = <<"123456">>,
LastUsed = 5,  % last successful trial
Options = [{last, LastUsed}, {return_interval, true}],
NewLastUsed = case pot:valid_hotp(Token, Secret, Options) of
                  {true, LastInterval} -> LastInterval;
                  false -> LastUsed
              end,
% Do something

Create a time based token with 30 seconds ahead

Secret = <<"MFRGGZDFMZTWQ2LK">>,
Token = pot:totp(Secret, [{addwindow, 1}]),
% Do something

Check a time based token from a mobile device with 30 seconds ahead and a ±1 interval tolerance

Secret = <<"MFRGGZDFMZTWQ2LK">>,
Token = <<"123456">>,
IsValid = pot:valid_totp(Token, Secret, [{window, 1}, {addwindow, 1}]),
% Do something

Create a time based token for given time

Time format is {MegaSecs, Secs, MicroSecs} received by os:timestamp()

Secret = <<"MFRGGZDFMZTWQ2LK">>,
Token = pot:totp(Secret, [{timestamp, {1518, 179058, 919315}}]),
% Token will be <<"151469">>

Examples (Elixir)

Create a time based token

secret = "MFRGGZDFMZTWQ2LK"
token = :pot.totp(secret)
# Do something with the token

Create an HMAC based token

secret = "MFRGGZDFMZTWQ2LK"
current_trial = 3
token = :pot.hotp(secret, current_trial)
# Do something with the token

Check some time based token

secret = "MFRGGZDFMZTWQ2LK"
token = "123456"
is_valid = :pot.valid_totp(token, secret)
# Do something

Check some HMAC based token

secret = "MFRGGZDFMZTWQ2LK"
token = "123456"
last_used = 5  # last successful trial
is_valid = :pot.valid_hotp(token, secret, [{:last, last_used}])
# Do something

Alternatively, to get the last interval from a validated token:

secret = "MFRGGZDFMZTWQ2LK"
token = "123456"
last_used = 5  # last successful trial
options = [{:last, last_used}, {:return_token, true}]
new_last_used =
    case :pot.valid_hotp(token, secret, options) do
        {true, last_interval} -> last_interval
        false -> last_used
    end
# Do something

Create a time based token with 30 seconds ahead

secret = "MFRGGZDFMZTWQ2LK"
token = :pot.totp(secret, [addwindow: 1])
# Do something

Check a time based token from a mobile device with 30 seconds ahead and a ±1 interval tolerance

secret = "MFRGGZDFMZTWQ2LK"
token = "123456"
is_valid = :pot.valid_totp(token, secret, [window: 1, addwindow: 1])
# Do something

Create a time based token for given time

Time format is {MegaSecs, Secs, MicroSecs} received by :os.timestamp()

secret = "MFRGGZDFMZTWQ2LK"
token = :pot.totp(secret, [timestamp: {1518, 179058, 919315}])
# Token will be <<"151469">>

Credits

Thanks to contributors.

Maintainers

License

Copyright (c) 2014-2021 POT Contributors

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.