发表新帖
发表新帖

Google Authenticator available as a public service?

前端 未结
关注
10 1265
爱一瞬间的悲伤
爱一瞬间的悲伤 2020-12-04 04:24

Is there public API for using the Google Authenticator (two factor authentication) on self-running (e.g. LAMP stack) web apps?

相关标签:
10条回答
  • 借酒劲吻你
    2020-12-04 05:01

    There are a variety of libraries for PHP (The LAMP Stack)

    PHP

    https://code.google.com/p/ga4php/

    http://www.idontplaydarts.com/2011/07/google-totp-two-factor-authentication-for-php/

    You should be careful when implementing two-factor auth, you need to ensure your clocks on the server and client are synchronized, that there is protection in place against brute-force attacks on the token and that the initial seed used is suitably large.

    0 讨论(0)
  • 灰色年华
    2020-12-04 05:09

    Theres: https://www.gauthify.com that offers it as a service

    0 讨论(0)
  • 醉酒成梦
    2020-12-04 05:13

    Yes, need no network service, because Google Authenticator app won't communicate with the google server, it just keeps synced with the initital secret that your server generate(input into your phone from QR code) while the time pass.

    0 讨论(0)
  • -上瘾入骨i
    2020-12-04 05:16

    For C# user, run this simple Console App to understand how to verify the one time token code. Note that we need to install library Otp.Net from Nuget package first.

    static string secretKey = "JBSWY3DPEHPK3PXP"; //add this key to your Google Authenticator app  

private static void Main(string[] args)
{
        var bytes = Base32Encoding.ToBytes(secretKey);

        var totp = new Totp(bytes);

        while (true)
        {
            Console.Write("Enter your code from Google Authenticator app: ");
            string userCode = Console.ReadLine();

            //Generate one time token code
            string tokenInApp = totp.ComputeTotp();
            int remainingSeconds = totp.RemainingSeconds();

            if (userCode.Equals(tokenInApp)
                && remainingSeconds > 0)
            {
                Console.WriteLine("Success!");
            }
            else
            {
                Console.WriteLine("Failed. Try again!");
            }
        }
}
    0 讨论(0)
  • 醉话见心
    2020-12-04 05:18

    For those using Laravel, this https://github.com/sitepoint-editors/google-laravel-2FA is a nice way to solve this problem.

    0 讨论(0)
  • 栀梦
    2020-12-04 05:22

    The algorithm is documented in RFC6238. Goes a bit like this:

    • your server gives the user a secret to install into Google Authenticator. Google do this as a QR code documented here.
    • Google Authenticator generates a 6 digit code by from a SHA1-HMAC of the Unix time and the secret (lots more detail on this in the RFC)
    • The server also knows the secret / unix time to verify the 6-digit code.

    I've had a play implementing the algorithm in javascript here: http://blog.tinisles.com/2011/10/google-authenticator-one-time-password-algorithm-in-javascript/

    0 讨论(0)
 看不清?
提交回复
热议问题