Merge pull request #9 from mrobinsn/master

Added method to get the secret out for clients which do not support QR code scanning
2024-12-22 07:24:12 +00:00 · 2017-12-13 14:57:54 +01:00 · 2017-12-13 14:57:54 +01:00 · d22311dbf1
commit d22311dbf1
parent 70189459df 92de2f4a0e
1 changed files with 13 additions and 4 deletions
--- a/totp.go
+++ b/totp.go
@ -12,16 +12,17 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"github.com/sec51/convert"
-	"github.com/sec51/convert/bigendian"
-	"github.com/sec51/cryptoengine"
-	qr "github.com/sec51/qrcode"
 	"hash"
 	"io"
 	"math"
 	"net/url"
 	"strconv"
 	"time"
+
+	"github.com/sec51/convert"
+	"github.com/sec51/convert/bigendian"
+	"github.com/sec51/cryptoengine"
+	qr "github.com/sec51/qrcode"
 )

 const (
@ -270,6 +271,14 @@ func calculateToken(counter []byte, digits int, h hash.Hash) string {
 	return fmt.Sprintf(fmtStr, mod)
 }

+// Secret returns the underlying base32 encoded secret.
+// This should only be displayed the first time a user enables 2FA,
+// and should be transmitted over a secure connection.
+// Useful for supporting TOTP clients that don't support QR scanning.
+func (otp *Totp) Secret() string {
+	return base32.StdEncoding.EncodeToString(otp.key)
+}
+
 // URL returns a suitable URL, such as for the Google Authenticator app
 // example: otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example
 func (otp *Totp) url() (string, error) {