TOTP Class

Properties Methods Events Config Settings Errors

The TOTP class allows creation of Time-Based One-Time passwords.

Syntax

class ipworksauth.TOTP

Remarks

The TOTP class implements the TOTP algorithm defined in RFC 6238 (Time-Based One-Time Password). These types of passwords are commonly used as a second factor of authentication in multi-factor authentication scenarios.

To begin specify the shared secret in the secret property.

Next, you may set time_step. If this property is not set, the class will use a default value.

To create the password call create_password. The password property will be populated with the new password.

To validate a password set the password property and call validate_password. The method will return True or False to indicate success or failure.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.


password	The Time-Based One Time Password.
secret	The Base32 encoded shared secret used when creating and validating a password.
time_step	The time step (in seconds) used for Time-Based One Time Password creation or validation.
validity_time	The validity time of the created password.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.


config	Sets or retrieves a configuration setting.
create_password	Creates a Time-Based One Time Password.
reset	Reset the variables to default value.
validate_password	Validates a Time-Based One Time Password.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.


on_error	Information about errors during data delivery.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.


CurrentTime	The current time in milliseconds.
FuturePasswordsAccepted	The number of future passwords to accept.
HashAlgorithm	The hash algorithm used to sign the password.
PasswordLength	The length of the generated password.
PreviousPasswordsAccepted	The number of previous passwords to accept.
QRCodeURI	Returns a URI suitable for encoding as a QR code.
SecretLength	The length of secret to generate.
ValidityTime	The validity time of the created TOTP password.
BuildInfo	Information about the product's build.
CodePage	The system code page used for Unicode to Multibyte translations.
LicenseInfo	Information about the current license.
MaskSensitive	Whether sensitive data is masked in log messages.
ProcessIdleEvents	Whether the class uses its internal event loop to process events when the main thread is idle.
SelectWaitMillis	The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.
UseFIPSCompliantAPI	Tells the class whether or not to use FIPS certified APIs.
UseInternalSecurityAPI	Tells the class whether or not to use the system security libraries or an internal implementation.

password Property

The Time-Based One Time Password.

Syntax

def get_password() -> str: ...
def set_password(value: str) -> None: ...

password = property(get_password, set_password)

Default Value

Remarks

This property holds the Time-Based One Time Password. This property is populated after calling create_password. This property must be set before calling validate_password.

secret Property

The Base32 encoded shared secret used when creating and validating a password.

Syntax

def get_secret() -> str: ...
def set_secret(value: str) -> None: ...

secret = property(get_secret, set_secret)

Default Value

Remarks

This property specifies the Base32 encoded shared secret used when creating and validating a password. This should be set before calling create_password or validate_password.

If this is not set before calling create_password a random secret will be automatically generated. This functionality provides an easy way to create new secret values. The length of the secret is defined by SecretLength.

time_step Property

The time step (in seconds) used for Time-Based One Time Password creation or validation.

Syntax

def get_time_step() -> int: ...
def set_time_step(value: int) -> None: ...

time_step = property(get_time_step, set_time_step)

Default Value

Remarks

This property specifies the time step (in seconds) used for Time-Based One Time Password creation or validation. This value must be specified before calling create_password or validate_password.

The default value is 30.

validity_time Property

The validity time of the created password.

Syntax

def get_validity_time() -> int: ...

validity_time = property(get_validity_time, None)

Default Value

Remarks

This property returns the remaining validity time in seconds of the created password. After calling create_password this property may be queried to determine for how many more seconds the password will be valid. If the password is no longer valid this property returns 0.

This property is read-only.

config Method

Sets or retrieves a configuration setting.

Syntax

def config(configuration_string: str) -> str: ...

Remarks

config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

create_password Method

Creates a Time-Based One Time Password.

Syntax

def create_password() -> None: ...

Remarks

This method creates a Time-Based One Time Password.

The following properties are applicable when calling create_password.

secret
time_step

Calling create_password populates the password property with the created password.

If secret is not specified before calling this method a random secret will be automatically generated.

reset Method

Reset the variables to default value.

Syntax

def reset() -> None: ...

Remarks

This method will reset the variables to default value.

validate_password Method

Validates a Time-Based One Time Password.

Syntax

def validate_password() -> bool: ...

Remarks

This method validates a Time-Based One Time Password.

The following properties are applicable when calling validate_password.

password (required)
secret (required)
time_step

The method will return True if the password is validated, False otherwise.

on_error Event

Information about errors during data delivery.

Syntax

class TOTPErrorEventParams(object):
  @property
  def error_code() -> int: ...

  @property
  def description() -> str: ...

# In class TOTP:
@property
def on_error() -> Callable[[TOTPErrorEventParams], None]: ...
@on_error.setter
def on_error(event_hook: Callable[[TOTPErrorEventParams], None]) -> None: ...

Remarks

The on_error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

TOTP Config Settings

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

TOTP Config Settings

CurrentTime: The current time in milliseconds.

Specifies the current time Unix time in milliseconds (time since January 1 1970). Normally the component will query the system for the current time when creating or validating TOTP passwords. In the event that the system time is incorrect or cannot be retrieved you may set this value to the current time. This value will be reset to 0 after calling create_password.

FuturePasswordsAccepted: The number of future passwords to accept.

When set to a positive value, the class will accept passwords which are generated {FuturePasswordsAccepted} * time_step seconds in the future. The default value is 0.

HashAlgorithm: The hash algorithm used to sign the password.

This setting specifies the hash algorithm used to sign the password. Possible values are:

SHA1 (default)
SHA256
SHA512

PasswordLength: The length of the generated password.

This setting specifies the length of the generated password. Possible values are:

6 (default)
7
8

PreviousPasswordsAccepted: The number of previous passwords to accept.

When set to a positive value, the class will accept passwords which were generated {PreviousPasswordsAccepted} * time_step seconds in the past. The default value is 0.

QRCodeURI: Returns a URI suitable for encoding as a QR code.

This setting provides a way to generate a URI which can be encoded into a QR code, suitable for using in any authenticator application. The URI format is well defined and is an easy way to transfer the secret key and other relevant parameters.

To use this setting first set secret to a valid value, then execute code like:

string MyQRCodeURI = component.Config("QRCodeURI=MyServiceName:account@company.com");

In the above example the MyServiceName value is the issuer. This is typically used in authenticator applications to identify the service to which the account belongs. The account@company.com value is the account name and identifies the specific account with which the key is associated. The use of an issuer is not required but is recommended. An account name is required.

The return value from this operation is a URI in one of the following formats:

//TOTP
otpauth://totp/MyServiceName:account@company.com?secret=JBSWY3DPEHPK3PXP&digits=6&period=30

//HOTP
otpauth://hotp/MyServiceName:account@company.com?secret=JBSWY3DPEHPK3PXP&digits=6&counter=0

The following values are applicable when using this setting:

secret
PasswordLength
HashAlgorithm
time_step (TOTP)
counter (HOTP)

SecretLength: The length of secret to generate.

When secret is empty and create_password is called a random secret value will be generated. This setting determines the length of the randomly generated secret. The default value is 32.

ValidityTime: The validity time of the created TOTP password.

This setting returns the remaining validity time in seconds of the created TOTP password. After calling create_password this setting may be queried to determine for how many more seconds the password will be valid. If the password is no longer valid this setting returns 0. This is not applicable to HOTP passwords.

Base Config Settings

BuildInfo: Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

CodePage: The system code page used for Unicode to Multibyte translations.

The default code page is Unicode UTF-8 (65001).

The following is a list of valid code page identifiers:


Identifier	Name
037	IBM EBCDIC - U.S./Canada
437	OEM - United States
500	IBM EBCDIC - International
708	Arabic - ASMO 708
709	Arabic - ASMO 449+, BCON V4
710	Arabic - Transparent Arabic
720	Arabic - Transparent ASMO
737	OEM - Greek (formerly 437G)
775	OEM - Baltic
850	OEM - Multilingual Latin I
852	OEM - Latin II
855	OEM - Cyrillic (primarily Russian)
857	OEM - Turkish
858	OEM - Multilingual Latin I + Euro symbol
860	OEM - Portuguese
861	OEM - Icelandic
862	OEM - Hebrew
863	OEM - Canadian-French
864	OEM - Arabic
865	OEM - Nordic
866	OEM - Russian
869	OEM - Modern Greek
870	IBM EBCDIC - Multilingual/ROECE (Latin-2)
874	ANSI/OEM - Thai (same as 28605, ISO 8859-15)
875	IBM EBCDIC - Modern Greek
932	ANSI/OEM - Japanese, Shift-JIS
936	ANSI/OEM - Simplified Chinese (PRC, Singapore)
949	ANSI/OEM - Korean (Unified Hangul Code)
950	ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC)
1026	IBM EBCDIC - Turkish (Latin-5)
1047	IBM EBCDIC - Latin 1/Open System
1140	IBM EBCDIC - U.S./Canada (037 + Euro symbol)
1141	IBM EBCDIC - Germany (20273 + Euro symbol)
1142	IBM EBCDIC - Denmark/Norway (20277 + Euro symbol)
1143	IBM EBCDIC - Finland/Sweden (20278 + Euro symbol)
1144	IBM EBCDIC - Italy (20280 + Euro symbol)
1145	IBM EBCDIC - Latin America/Spain (20284 + Euro symbol)
1146	IBM EBCDIC - United Kingdom (20285 + Euro symbol)
1147	IBM EBCDIC - France (20297 + Euro symbol)
1148	IBM EBCDIC - International (500 + Euro symbol)
1149	IBM EBCDIC - Icelandic (20871 + Euro symbol)
1200	Unicode UCS-2 Little-Endian (BMP of ISO 10646)
1201	Unicode UCS-2 Big-Endian
1250	ANSI - Central European
1251	ANSI - Cyrillic
1252	ANSI - Latin I
1253	ANSI - Greek
1254	ANSI - Turkish
1255	ANSI - Hebrew
1256	ANSI - Arabic
1257	ANSI - Baltic
1258	ANSI/OEM - Vietnamese
1361	Korean (Johab)
10000	MAC - Roman
10001	MAC - Japanese
10002	MAC - Traditional Chinese (Big5)
10003	MAC - Korean
10004	MAC - Arabic
10005	MAC - Hebrew
10006	MAC - Greek I
10007	MAC - Cyrillic
10008	MAC - Simplified Chinese (GB 2312)
10010	MAC - Romania
10017	MAC - Ukraine
10021	MAC - Thai
10029	MAC - Latin II
10079	MAC - Icelandic
10081	MAC - Turkish
10082	MAC - Croatia
12000	Unicode UCS-4 Little-Endian
12001	Unicode UCS-4 Big-Endian
20000	CNS - Taiwan
20001	TCA - Taiwan
20002	Eten - Taiwan
20003	IBM5550 - Taiwan
20004	TeleText - Taiwan
20005	Wang - Taiwan
20105	IA5 IRV International Alphabet No. 5 (7-bit)
20106	IA5 German (7-bit)
20107	IA5 Swedish (7-bit)
20108	IA5 Norwegian (7-bit)
20127	US-ASCII (7-bit)
20261	T.61
20269	ISO 6937 Non-Spacing Accent
20273	IBM EBCDIC - Germany
20277	IBM EBCDIC - Denmark/Norway
20278	IBM EBCDIC - Finland/Sweden
20280	IBM EBCDIC - Italy
20284	IBM EBCDIC - Latin America/Spain
20285	IBM EBCDIC - United Kingdom
20290	IBM EBCDIC - Japanese Katakana Extended
20297	IBM EBCDIC - France
20420	IBM EBCDIC - Arabic
20423	IBM EBCDIC - Greek
20424	IBM EBCDIC - Hebrew
20833	IBM EBCDIC - Korean Extended
20838	IBM EBCDIC - Thai
20866	Russian - KOI8-R
20871	IBM EBCDIC - Icelandic
20880	IBM EBCDIC - Cyrillic (Russian)
20905	IBM EBCDIC - Turkish
20924	IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol)
20932	JIS X 0208-1990 & 0121-1990
20936	Simplified Chinese (GB2312)
21025	IBM EBCDIC - Cyrillic (Serbian, Bulgarian)
21027	Extended Alpha Lowercase
21866	Ukrainian (KOI8-U)
28591	ISO 8859-1 Latin I
28592	ISO 8859-2 Central Europe
28593	ISO 8859-3 Latin 3
28594	ISO 8859-4 Baltic
28595	ISO 8859-5 Cyrillic
28596	ISO 8859-6 Arabic
28597	ISO 8859-7 Greek
28598	ISO 8859-8 Hebrew
28599	ISO 8859-9 Latin 5
28605	ISO 8859-15 Latin 9
29001	Europa 3
38598	ISO 8859-8 Hebrew
50220	ISO 2022 Japanese with no halfwidth Katakana
50221	ISO 2022 Japanese with halfwidth Katakana
50222	ISO 2022 Japanese JIS X 0201-1989
50225	ISO 2022 Korean
50227	ISO 2022 Simplified Chinese
50229	ISO 2022 Traditional Chinese
50930	Japanese (Katakana) Extended
50931	US/Canada and Japanese
50933	Korean Extended and Korean
50935	Simplified Chinese Extended and Simplified Chinese
50936	Simplified Chinese
50937	US/Canada and Traditional Chinese
50939	Japanese (Latin) Extended and Japanese
51932	EUC - Japanese
51936	EUC - Simplified Chinese
51949	EUC - Korean
51950	EUC - Traditional Chinese
52936	HZ-GB2312 Simplified Chinese
54936	Windows XP: GB18030 Simplified Chinese (4 Byte)
57002	ISCII Devanagari
57003	ISCII Bengali
57004	ISCII Tamil
57005	ISCII Telugu
57006	ISCII Assamese
57007	ISCII Oriya
57008	ISCII Kannada
57009	ISCII Malayalam
57010	ISCII Gujarati
57011	ISCII Punjabi
65000	Unicode UTF-7
65001	Unicode UTF-8

The following is a list of valid code page identifiers for Mac OS only:


Identifier	Name
1	ASCII
2	NEXTSTEP
3	JapaneseEUC
4	UTF8
5	ISOLatin1
6	Symbol
7	NonLossyASCII
8	ShiftJIS
9	ISOLatin2
10	Unicode
11	WindowsCP1251
12	WindowsCP1252
13	WindowsCP1253
14	WindowsCP1254
15	WindowsCP1250
21	ISO2022JP
30	MacOSRoman
10	UTF16String
0x90000100	UTF16BigEndian
0x94000100	UTF16LittleEndian
0x8c000100	UTF32String
0x98000100	UTF32BigEndian
0x9c000100	UTF32LittleEndian
65536	Proprietary

LicenseInfo: Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

Product: The product the license is for.
Product Key: The key the license was generated from.
License Source: Where the license was found (e.g., RuntimeLicense, License File).
License Type: The type of license installed (e.g., Royalty Free, Single Server).
Last Valid Build: The last valid build number for which the license will work.

MaskSensitive: Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to True to mask sensitive data. The default is True.

This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

ProcessIdleEvents: Whether the class uses its internal event loop to process events when the main thread is idle.

If set to False, the class will not fire internal idle events. Set this to False to use the class in a background thread on Mac OS. By default, this setting is True.

SelectWaitMillis: The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process.

If there are no events to process when do_events is called, the class will wait for the amount of time specified here before returning. The default value is 20.

UseFIPSCompliantAPI: Tells the class whether or not to use FIPS certified APIs.

When set to True, the class will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle FIPS, while all the other Windows editions make use of Microsoft security libraries.

FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to True. This is a static setting which applies to all instances of all classes of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.

For more details please see the FIPS 140-2 Compliance article.

Note: This setting is only applicable on Windows.

Note: Enabling FIPS-compliance requires a special license; please contact sales@nsoftware.com for details.

UseInternalSecurityAPI: Tells the class whether or not to use the system security libraries or an internal implementation.

When set to False, the class will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this setting to True tells the class to use the internal implementation instead of using the system security libraries.

On Windows, this setting is set to False by default. On Linux/macOS, this setting is set to True by default.

To use the system security libraries for Linux, OpenSSL support must be enabled. For more information on how to enable OpenSSL, please refer to the OpenSSL Notes section.

TOTP Errors


	114 Can't create password.
	115 Can't validate password.