OTPVerifier (SIRIUS web 19.0-rc8 API)

java.lang.Object
- sirius.web.security.OTPVerifier

```
public class OTPVerifier
extends Object
```
Utility class to support two factor authentication (aka One Time Passwords).
The idea of two factor authentication is that a valid user is authenticated by something he or she knows (a password) and something he or she has (a security token or a mobile phone + app). Hence the name "two factor authentication".
This app or security token generates time based codes (sometime referred to as "one time password" OTP). This helper class can be used to generate a configuration QR code (which is essentially a configuration URL used by popular apps (like Google Authenticator). It also permits to verify OTP submitted by the user.

Constructor Summary

Constructors
Constructor and Description

OTPVerifier()

Constructors
Constructor and Description
`OTPVerifier()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`checkCode(String secret, String code)` Verifies the given OTP against the given secret key.
`String`	`computeCode(String secret)` Computes an OTP code for the given secret and current interval.
`String`	`generateSharedSecret()` Returns a randomly generated key which can be used as shared secret.
`String`	`getAsAuthURL(String account, String secret)` Generates an OTPAUTH-URL which can be used to generate a QR code for a mobile device.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - OTPVerifier
```
public OTPVerifier()
```
- Method Detail
  - generateSharedSecret
```
@Nonnull
public String generateSharedSecret()
```
    Returns a randomly generated key which can be used as shared secret.
    A secret like this has to be stored per user. It is required by checkCode(String, String) to verify a given OTP. Also use getAsAuthURL(String, String) to generate an URL which can be put into a QR code to configure apps like Google Authenticator.
    
    Returns:
    
    a secret key to be used as input for checkCode and getAsAuthURL
  - getAsAuthURL
```
@Nonnull
public String getAsAuthURL(String account,
                                    String secret)
```
    Generates an OTPAUTH-URL which can be used to generate a QR code for a mobile device.
    
    Parameters:
    
    account - name of the account associated with this code
    
    secret - the secret used to generate the OTP codes
    
    Returns:
    
    a special URL used by popular apps like Google Authenticator for "automatic" configuration of the account
  - checkCode
```
public boolean checkCode(String secret,
                         String code)
```
    Verifies the given OTP against the given secret key.
    
    Parameters:
    
    secret - the secret stored for this user
    
    code - the OTP entered by the user
    
    Returns:
    
    true if the given OTP is currently valid, false otherwise
  - computeCode
```
@Nonnull
public String computeCode(@Nonnull
                                   String secret)
```
    Computes an OTP code for the given secret and current interval.
    
    Parameters:
    
    secret - the shared secret of the user to compute a code for.
    
    Returns:
    
    a valid OTP code for the current time interval

Class OTPVerifier

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

OTPVerifier

Method Detail

generateSharedSecret

getAsAuthURL

checkCode

computeCode