diff --git a/totp.go b/totp.go index 210b7f7..088e66f 100644 --- a/totp.go +++ b/totp.go @@ -12,16 +12,17 @@ import ( "encoding/hex" "errors" "fmt" - "github.com/sec51/convert" - "github.com/sec51/convert/bigendian" - "github.com/sec51/cryptoengine" - qr "github.com/sec51/qrcode" "hash" "io" "math" "net/url" "strconv" "time" + + "github.com/sec51/convert" + "github.com/sec51/convert/bigendian" + "github.com/sec51/cryptoengine" + qr "github.com/sec51/qrcode" ) const ( @@ -270,6 +271,14 @@ func calculateToken(counter []byte, digits int, h hash.Hash) string { return fmt.Sprintf(fmtStr, mod) } +// Secret returns the underlying base32 encoded secret. +// This should only be displayed the first time a user enables 2FA, +// and should be transmitted over a secure connection. +// Useful for supporting TOTP clients that don't support QR scanning. +func (otp *Totp) Secret() string { + return base32.StdEncoding.EncodeToString(otp.key) +} + // URL returns a suitable URL, such as for the Google Authenticator app // example: otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example func (otp *Totp) url() (string, error) {