OneTimePassword Class
Properties Methods Events Config Settings Errors
The OneTimePassword class allows creation of single use passwords.
Syntax
class ipworksauth.OneTimePassword
Remarks
The OneTimePassword class implements the HOTP algorithm defined in RFC 4226 (HMAC-Based One-Time Password) and the TOTP algorithm defined in RFC 6238 (Time-Based One-Time Password). These types of passwords are commonly used as a second factor of authentication in multi-factor authentication scenarios.
To begin decide which algorithm you wish to use and set password_algorithm. Specify the shared secret in the secret property.
Next, depending on the algorithm chosen you may set counter (HOTP) or time_step (TOTP). If these properties are not set, the class will use a default value.
To create the password call create_password. The password property will be populated with the new password.
To validate a password set the password property and call validate_password. The method will return True or False to indicate success or failure.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
counter | The counter used for HMAC-Based One Time Password creation or validation. |
password | The HMAC-Based or Time-Based One Time Password. |
password_algorithm | The algorithm used to create or validate the password. |
secret | The Base32 encoded shared secret used when creating and validating a password. |
time_step | The time step (in seconds) used for Time-Based One Time Password creation or validation. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
config | Sets or retrieves a configuration setting. |
create_password | Creates a Time-Based or HMAC-Based One Time Password. |
reset | Reset the variables to default value. |
validate_password | Validates a Time-Based or HMAC-Based One Time Password. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
on_error | Information about errors during data delivery. |
Config Settings
The following is a list of config settings for the class with short descriptions. Click on the links for further details.
CurrentTime | The current time in milliseconds. |
FuturePasswordsAccepted | The number of future passwords to accept. |
HashAlgorithm | The hash algorithm used to sign the password. |
PasswordLength | The length of the generated password. |
PreviousPasswordsAccepted | The number of previous passwords to accept. |
SecretLength | The length of secret to generate. |
ValidityTime | The validity time of the created TOTP password. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
MaskSensitive | Whether sensitive data is masked in log messages. |
ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
UseFIPSCompliantAPI | Tells the class whether or not to use FIPS certified APIs. |
UseInternalSecurityAPI | Tells the class whether or not to use the system security libraries or an internal implementation. |
counter Property
The counter used for HMAC-Based One Time Password creation or validation.
Syntax
def get_counter() -> int: ... def set_counter(value: int) -> None: ...
counter = property(get_counter, set_counter)
Default Value
0
Remarks
This property holds the counter value used for HMAC-Based One Time Password creation or validation. When password_algorithm is set to paHOTP this value must be specified before calling create_password or validate_password. The value should be incremented each time a password is created.
The default value is 0.
This property is not applicable when using the Time-Based One Time Password algorithm.
password Property
The HMAC-Based or Time-Based One Time Password.
Syntax
def get_password() -> str: ... def set_password(value: str) -> None: ...
password = property(get_password, set_password)
Default Value
""
Remarks
This property holds the HMAC-Based or Time-Based One Time Password. This property is populated after calling create_password. This property must be set before calling validate_password.
password_algorithm Property
The algorithm used to create or validate the password.
Syntax
def get_password_algorithm() -> int: ... def set_password_algorithm(value: int) -> None: ...
password_algorithm = property(get_password_algorithm, set_password_algorithm)
Default Value
0
Remarks
This property specifies whether to use the HMAC-Based or Time-Based One Time Password algorithm. Possible values are:
0 (paTOTP - default) | Time-Based One Time Password Algorithm. |
1 (paHOTP) | HMAC-Based One Time Password Algorithm. |
secret Property
The Base32 encoded shared secret used when creating and validating a password.
Syntax
def get_secret() -> str: ... def set_secret(value: str) -> None: ...
secret = property(get_secret, set_secret)
Default Value
""
Remarks
This property specifies the Base32 encoded shared secret used when creating and validating a password. This should be set before calling create_password or validate_password.
If this is not set before calling create_password a random secret will be automatically generated. This functionality provides an easy way to create new secret values. The length of the secret is defined by SecretLength.
time_step Property
The time step (in seconds) used for Time-Based One Time Password creation or validation.
Syntax
def get_time_step() -> int: ... def set_time_step(value: int) -> None: ...
time_step = property(get_time_step, set_time_step)
Default Value
30
Remarks
This property specifies the time step (in seconds) used for Time-Based One Time Password creation or validation. When password_algorithm is set to paTOTP this value must be specified before calling create_password or validate_password.
The default value is 30.
This property is not applicable when using the Time-Based One Time Password algorithm.
config Method
Sets or retrieves a configuration setting.
Syntax
def config(configuration_string: str) -> str: ...
Remarks
config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
create_password Method
Creates a Time-Based or HMAC-Based One Time Password.
Syntax
def create_password() -> None: ...
Remarks
This method creates either a Time-Based or HMAC-Based One Time Password. The password_algorithm property specifies which algorithm to use.
The following properties are applicable when calling create_password.
- password_algorithm
- secret
- counter (required for HMAC-Based One Time Password)
- time_step (applicable for Time-Based One Time Password)
Calling create_password populates the password property with the created password.
If secret is not specified before calling this method a random secret will be automatically generated.
reset Method
Reset the variables to default value.
Syntax
def reset() -> None: ...
Remarks
This method will reset the variables to default value.
validate_password Method
Validates a Time-Based or HMAC-Based One Time Password.
Syntax
def validate_password() -> bool: ...
Remarks
This method validates a Time-Based or HMAC-Based One Time Password. The password_algorithm property specifies which algorithm to use.
The following properties are applicable when calling validate_password.
- password (required)
- password_algorithm
- secret (required)
- counter (required for HMAC-Based One Time Password)
- time_step (applicable for Time-Based One Time Password)
The method will return True if the password is validated, False otherwise.
on_error Event
Information about errors during data delivery.
Syntax
class OneTimePasswordErrorEventParams(object): @property def error_code() -> int: ... @property def description() -> str: ... # In class OneTimePassword: @property def on_error() -> Callable[[OneTimePasswordErrorEventParams], None]: ... @on_error.setter def on_error(event_hook: Callable[[OneTimePasswordErrorEventParams], None]) -> None: ...
Remarks
The on_error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.
ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.
OneTimePassword Config Settings
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.OneTimePassword Config Settings | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CurrentTime: The current time in milliseconds.Specifies the current time Unix time in milliseconds (time since January 1 1970). Normally the component will query the system for the current time when creating or validating TOTP passwords. In the event that the system time is incorrect or cannot be retrieved you may set this value to the current time. This value will be reset to 0 after calling create_password. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
FuturePasswordsAccepted: The number of future passwords to accept.When set to a positive value, the class will accept passwords which are generated {FuturePasswordsAccepted} * time_step seconds in the future. The default value is 0. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
HashAlgorithm:
The hash algorithm used to sign the password.This setting specifies the hash algorithm used to sign the password. Possible values are:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
PasswordLength:
The length of the generated password.This setting specifies the length of the generated password. Possible values are:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
PreviousPasswordsAccepted: The number of previous passwords to accept.When set to a positive value, the class will accept passwords which were generated {PreviousPasswordsAccepted} * time_step seconds in the past. The default value is 0. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SecretLength: The length of secret to generate.When secret is empty and create_password is called a random secret value will be generated. This setting determines the length of the randomly generated secret. The default value is 32. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ValidityTime: The validity time of the created TOTP password.This setting returns the remaining validity time in seconds of the created TOTP password. After calling create_password this setting may be queried to determine for how many more seconds the password will be valid. If the password is no longer valid this setting returns 0. This is not applicable to HOTP passwords. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Base Config Settings | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
BuildInfo: Information about the product's build.When queried, this setting will return a string containing information about the product's build. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CodePage:
The system code page used for Unicode to Multibyte translations.The default code page is Unicode UTF-8 (65001).
The following is a list of valid code page identifiers:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LicenseInfo:
Information about the current license.When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
MaskSensitive:
Whether sensitive data is masked in log messages.In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to True to mask sensitive data. The default is False.
This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
ProcessIdleEvents: Whether the class uses its internal event loop to process events when the main thread is idle.If set to False, the class will not fire internal idle events. Set this to False to use the class in a background thread on Mac OS. By default, this setting is True. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SelectWaitMillis: The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.If there are no events to process when do_events is called, the class will wait for the amount of time specified here before returning. The default value is 20. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
UseFIPSCompliantAPI:
Tells the class whether or not to use FIPS certified APIs.When set to True, the class will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle FIPS, while all the other Windows editions make use of Microsoft security libraries.
FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to True. This is a static setting which applies to all instances of all classes of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior. For more details please see the FIPS 140-2 Compliance article. Note: This setting is only applicable on Windows. Note: Enabling FIPS-compliance requires a special license; please contact sales@nsoftware.com for details. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
UseInternalSecurityAPI:
Tells the class whether or not to use the system security libraries or an internal implementation.
When set to False, the class will use the system security libraries by default to perform cryptographic functions where applicable.
Setting this setting to True tells the class to use the internal implementation instead of using the system security libraries. On Windows, this setting is set to False by default. On Linux/macOS, this setting is set to True by default. To use the system security libraries for Linux, OpenSSL support must be enabled. For more information on how to enable OpenSSL, please refer to the OpenSSL Notes section. |
OneTimePassword Errors
OneTimePassword Errors
114 Can't create password. | |
115 Can't validate password. |