Python bindings for OATH Toolkit¶
This package is a set of Python bindings for the OATH Toolkit library. Please note that it is OATH (open authentication, e.g., one-time passwords) and not OAuth (an open standard for authorization).
- Runs on a variety of Python versions/implementations
- QR code generator, compatible with apps like Google Authenticator
- Integration with WTForms
- Integration with Django via
To generate a time-based one-time password (TOTP):
from oath_toolkit import TOTP from time import time digits = 6 time_step = 30 oath = TOTP(b'secret key', digits, time_step) one_time_password = oath.generate(time())
To validate a HMAC-based one-time password (HOTP):
from oath_toolkit import HOTP from oath_toolkit.exc import OATHError def verify(otp, counter): digits = 6 oath = HOTP(b'secret key', digits) try: return oath.verify(otp, counter) except OATHError: return False
For an explanation of terms like
counter, refer to the
More complex examples can be found in the
examples/ directory, which
includes a port of the command-line app
oathtool, a sample Django project,
and a simple Flask app which shows how WTForms integration works.
Table of Contents¶
- API Documentation
Unless otherwise noted in the respective files, the code is licensed under the Apache License 2.0. The otherwise-licensed files have the requisite separate license details. Specifically:
oath_toolkit/django_otp/totp/tests.pyare originally licensed under the two-clause BSD license.
examples/django/example/forms.pyis originally licensed under the MIT license.
The documentation is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0).