Go to new doc!

+49 228 5552576-0


info@predic8.com

totpTokenProvider

Description

A token provider using the Time-based One-time Password (TOTP) algorithm specified in RFC 6238 to verify tokens using a pre-shared secret.

Can be used in

bean and login

Syntax

       <totpTokenProvider />
			
Listing 1: totpTokenProvider Syntax

Explanation

The totpTokenProvider uses the Time-based One-time Password (TOTP) algorithm specified in RFC 6238 to verify tokens using a pre-shared secret.

The tokens consist of 6 digits.

The user's attribute secret is used as the pre-shared secret. If this attribute is missing, the login attempt fails.

Note that the server's system time is taken into account when verifying tokens.

It is possible, for example, to use the Google Authenticator App to store the pre-shared secret and generate such tokens.